Anycast is a type of network routing where data is sent from one point to one receiving an IP address. It is unique because multiple physical devices share this IP address in various locations. Usually, these devices are servers. When data is sent to the shared IP, it is automatically received by one of the serves – specifically, the one physically closest to the sender. This is often described as a one-to-one-of-many transmission.
Consider the following example: Three servers in Italy, Canada, and Mexico share an IP address. A sender in Texas wants to share data with the IP address the three share – using Anycast, the server in Mexico would receive the data, as it is closest and, therefore, the first and fastest to respond.
Content delivery networks (CDNs) and DNS hosts commonly use this casting to bring the content they deliver closer to users. This system also means that if a server sharing the IP address fails, another one will jump in and carry on instead.
For example: If the server in Mexico happens to go offline, the next-closest server would be the one in Canada, and thus, the Canadian server would accept the data instead of the Mexican one until that one comes back in line. This way, there is little to no downtime, and services remain available.
Similarity to Unicast
For the final recipient of the data – the end user – there is no real difference between Anycast and Unicasting, as information moves from one sender to one recipient – the only difference is the path it takes. In contrast, Multicasting sends data to all group members, not just one. Intermediary devices generally don’t even need to support Anycast.
The actual message is unicast to a single IP. Anycast only affects the virtual routing on the internet, so your home router doesn’t need to understand it. Routing is based on the routing ‘cost’ to each advertised server. Only the route with the lowest cost is chosen. Anycast is particularly well-established in IPv6 protocols, offering reduced access times and easy load distribution for access.
Fun fact: DDoS protection services like Cloudflare often use Anycast to protect their clients. If a server is attacked, the service can be configured to spread the load over as many servers as possible. This minimizes the overall effect on any server, allowing the target and network to continue normal operations. This can mean the attempt to shut down a site completely fails.
In 2013, Anycast was a critical factor in Cloudflare’s ability to manage the most significant DDoS attack it had faced. Even hitting 300Gbps, the attack still couldn’t circumvent the Anycast system setup.
Anycast is an addressing scheme where several servers are assigned the same shared IP address. Traffic is then routed to these servers depending on which server is easiest to get to from the sender’s location. This is generally linked to the nearest physical location, though the routing cost algorithms can be more nuanced than that.
This allows services like CDNs and DNS servers to use one IP to serve traffic worldwide but direct traffic to servers local to the user. Anycast can act as an ad hoc load balancer with careful configuration, giving it the potential to thwart DDoS attacks.