So I'm re-reading the first part of Routing TCP/IP... [Yeah, I got to page 339 - but it's not fresh anymore.] As I'm reading about IPv6, I noticed this part:
An anycast address represents a service rather than a device, and the same address can reside on one or more devices providing the same service. In Figure 2-3, some service is offered by three servers, all advertising the service at the IPv6 address 3ffe:205:1100::15. The router, receiving advertisements for the address, does not know that it is being advertised by three different devices; instead, the router assumes that it has three routes to the same destination and chooses the lowest-cost route. The advantage of anycast addresses is that a router always routes to the "closest" or "lowest-cost" server.
Isn't that special? Yeah... and dangerous. Think of how that can break -- and what would happen. A DHCP request hits the router and it gets sent to the rogue DHCP server that Mr. Wannabe set up for testing. No, take that one step further - that Dr. Evil set up to hack your network... Overwhelm the *real* server with unicast traffic and let *your* server take over dispensing that service to the network. Bwahahahaha...
I'm sure there must be more to it and there are safeguards in place. I hope. I have an entire book about IPv6 on my list to read, so perhaps that book will cover it more fully. But it seems kind of odd that the protocol would be created with such a trusting heart. DNS was built on the assumption that everyone would play nice - as were most of the early technologies. When the whole Internet was a bunch of college geeks making their computers talk to each other, all was fine. Everyone was trying to make it work. Now we have to make it work *despite* the people who want to break it. On purpose.
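To make the quoted route-selection behaviour concrete, here is a small Python model added for this page (it is not from the original post or from the book). It models the router described in the quote: several devices advertise the same anycast address, and the router simply keeps the lowest-cost candidate. It then adds the check a network defender would want: an audit that lists advertisements for the anycast address coming from an origin that is not on the list of devices expected to host the service, and reports whether such an origin currently wins the selection. The origin names, costs and the authorized-origin set are constructed for illustration; only the address 3ffe:205:1100::15 comes from the quoted text.

```python
"""Added example (not from the original post): a router's lowest-cost
selection among several advertisements of one anycast address, plus a
defender-side audit for advertisements from unexpected origins.
All origins, costs and the authorized set below are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address

# The anycast address used in the quoted passage.
ANYCAST_ADDR = ip_address("3ffe:205:1100::15")

# Constructed: the devices we expect to be hosting the anycast service.
AUTHORIZED_ORIGINS = {"srv-a", "srv-b", "srv-c"}


@dataclass(frozen=True)
class Advertisement:
    origin: str    # which device advertised the route (constructed names)
    address: str   # destination being advertised
    cost: int      # path metric as seen by the router


def select_route(adverts, dest):
    """Mimic the router in the quote: among advertisements for `dest`,
    keep the lowest-cost one. The router has no way to tell whether the
    advertisers are one device or several."""
    candidates = [a for a in adverts if ip_address(a.address) == dest]
    if not candidates:
        return None
    return min(candidates, key=lambda a: a.cost)


def audit_anycast(adverts, dest, authorized):
    """Defender check: return the advertisements for `dest` whose origin is
    not in `authorized`, and whether such an origin currently wins the
    lowest-cost selection (i.e. traffic for the service would go there)."""
    unexpected = [
        a for a in adverts
        if ip_address(a.address) == dest and a.origin not in authorized
    ]
    chosen = select_route(adverts, dest)
    unexpected_wins = chosen is not None and chosen.origin not in authorized
    return unexpected, unexpected_wins


if __name__ == "__main__":
    # Constructed sample: three legitimate advertisers of the service.
    table = [
        Advertisement("srv-a", "3ffe:205:1100::15", 20),
        Advertisement("srv-b", "3ffe:205:1100::15", 10),
        Advertisement("srv-c", "3ffe:205:1100::15", 30),
    ]
    print("router picks:", select_route(table, ANYCAST_ADDR).origin)

    # Constructed sample: a fourth device starts advertising the same address.
    table.append(Advertisement("lab-box", "3ffe:205:1100::15", 5))
    unexpected, wins = audit_anycast(table, ANYCAST_ADDR, AUTHORIZED_ORIGINS)
    for a in unexpected:
        print(f"ALERT: {a.origin} advertises {a.address} (cost {a.cost})")
    print("unexpected origin now wins selection:", wins)
```

The point of the audit is that the router's own view ("three routes to one destination") carries no notion of who is allowed to advertise; that knowledge has to live in an inventory like `AUTHORIZED_ORIGINS` and be compared against what the routing protocol actually learns.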
You may also want to note that the IPv6 addressing space originally included a Site-Local Unicast address which has now become deprecated. The IETF IPv6 Working Group determined that they introduced a number of difficulties and deprecated site-local addresses in RFC 3879. They were originally somewhat like the RFC 1918 addresses - and were squashed because of the difficulties already seen in that realm. The problems include private addresses being 'leaked' outside of their intended site and the increased complexity for applications and routers that would need to recognize and cope with site-local addresses.
So as the idea evolves, perhaps they may reconsider the anycast address the way they reconsidered the site-local unicast addresses? Since it will be some time before widespread implementation, it's anybody's guess. Or maybe there's more to it that I haven't read yet?
On that note - it's back to the books!
Posted by BlueWolf on December 9, 2007 09:56 PM