- Cornell University, Ithaca, NY, US
- Intel-Research, Berkeley, CA, US
- Intel-Research, Pittsburgh, PA, US
- Intel-Research, Seattle, WA, US
- WIDE, Otemachi, Japan
- Cisco Lab, RTP, NC, US
Deployment DetailsFor the purpose of setting up a native IP Anycast group, we accquired a /22 prefix (anycast prefix) and an AS number from ARIN. Details of these can be found here.
At all the sites, the proxy (a tower/rack-mount machine running Linux FC4) runs a software router (quagga/zebra). The router has an EBGP peering with the BGP-speaking router of the site through which it advertises the anycast prefix. At all the sites, we have used static routes for intra-domain routing. The figure below shows the proxy set-up at Cornell (Broadwing is one of Cornells' upstream providers). This arrangement leads to [..., 6395, 26, 33207] as one of the AS-paths for the prefix.
Which anycast proxy is accessible from your site?In order to debug any problems with our anycast deployment and to study the behaviour of the anycast set-up, we often find it useful to determine the proxy accessed by a given site. To find out the proxy accesible from your site, try out the following:
Alternately, you could simply traceroute to the anycast address (traceroute 184.108.40.206). Observing the names of the routers along the path should give you information regarding the anycast proxy accessible from your site.
Deployment Requirements (for prospective proxy hosting sites)
- Hosting a machine (possibly shipped by us) in your machine room. This includes providing
normal unicast network connectivity to the machine.
- Allowing us to peer with your BGP-speaking router.
- Ensuring that you inform your upstream provider about the advertisement of the anycast prefix
through you so that they can configure their prefix
PIAS Proxy at the Cisco DMZ Lab, RTP
The PIAS proxy is supposed to advertise the anycast prefix (220.127.116.11/22) through a peering with the lab's BGP router. Hence, the lab's firewall needs to allow packets destined to this prefix. Further, the firewall needs to allow packets to the unicast addresses assigned to the main interface and the management interface of the proxy.