PIAS Measurements Publications Project Page Deployment Credits
As part of our efforts to offer a usable PIAS service, we have deployed a native IP anycast group comprising of six proxies at the following locations:
  1. Cornell University, Ithaca, NY, US
  2. Intel-Research, Berkeley, CA, US
  3. Intel-Research, Pittsburgh, PA, US
  4. Intel-Research, Seattle, WA, US
  5. WIDE, Otemachi, Japan
  6. Cisco Lab, RTP, NC, US

Deployment Details

For the purpose of setting up a native IP Anycast group, we accquired a /22 prefix (anycast prefix) and an AS number from ARIN. Details of these can be found here.

At all the sites, the proxy (a tower/rack-mount machine running Linux FC4) runs a software router (quagga/zebra). The router has an EBGP peering with the BGP-speaking router of the site through which it advertises the anycast prefix. At all the sites, we have used static routes for intra-domain routing. The figure below shows the proxy set-up at Cornell (Broadwing is one of Cornells' upstream providers). This arrangement leads to [..., 6395, 26, 33207] as one of the AS-paths for the prefix.

PIAS Proxy at Cornell

Which anycast proxy is accessible from your site?

In order to debug any problems with our anycast deployment and to study the behaviour of the anycast set-up, we often find it useful to determine the proxy accessed by a given site. To find out the proxy accesible from your site, try out the following:
dig @204.9.168.1 TXT anycast.anycast.guha.cc
This command sends a query to an anycast address (204.9.168.1), asking it to reveal the name of the particular proxy which answers the query. The dig utility is distributed with ISC BIND 9.

Alternately, you could simply traceroute to the anycast address (traceroute 204.9.168.1). Observing the names of the routers along the path should give you information regarding the anycast proxy accessible from your site.

Deployment Requirements (for prospective proxy hosting sites)


  1. Hosting a machine (possibly shipped by us) in your machine room. This includes providing normal unicast network connectivity to the machine.

  2. Allowing us to peer with your BGP-speaking router.

  3. Ensuring that you inform your upstream provider about the advertisement of the anycast prefix through you so that they can configure their prefix filters appropriately.

PIAS Proxy at the Cisco DMZ Lab, RTP


PIAS Proxy at Cisco DMZ Lab, RTP

The PIAS proxy is supposed to advertise the anycast prefix (204.9.168.0/22) through a peering with the lab's BGP router. Hence, the lab's firewall needs to allow packets destined to this prefix. Further, the firewall needs to allow packets to the unicast addresses assigned to the main interface and the management interface of the proxy.