Several weeks ago the root servers were attacked. CNet is running a story that says Anycast played a role in preventing larger problems.
It would be interesting to see if all the root servers switch to Anycast. Where would the new distributed servers go? Does Verisign etc. own that many data centers? Or would they be in data centers and colos all over the world?
There is an interesting slideshow (PDF link) that discusses the effects of switching k-root to Anycast. It doesn’t really go into foiling DoS attacks, though.
The root servers were attacked this morning. My guess would be few (if any) really felt the effects. This just goes to show that the net, despite being a distributed mess of networks, still has a few critical points in its infrastructure. They didn’t take them down, and didn’t even get them all. Here’s a creepy graph. For the record, there are more than just the physical A-M servers. C, F, I-K, and M are using anycast, so they are distributed among many networks, making it even more redundant and closer to most users. Because it was done by a botnet, and all but one of the targets were using anycast (according to Wikipedia), the load would be distributed across the servers, making it even harder for an attack to succeed.