
Anycast: Distributed IP Addressing Explained

Anycast is a network addressing and routing methodology where a single IP address is assigned to multiple servers in different locations. When a client connects to an anycast address, the network automatically routes the request to the nearest or best-performing server. This comprehensive guide explains anycast, its benefits, use cases, and implementation.

What is Anycast?

Anycast is a one-to-nearest routing topology where a single IP address is advertised from multiple locations simultaneously. The network's routing protocol automatically directs traffic to the topologically nearest server.

IP Addressing Types

Unicast (one-to-one):

One IP address → One destination
Example: 192.0.2.1 → Single server
Routing: Direct path
Most common: Traditional addressing

Broadcast (one-to-all):

One IP address → All devices on network
Example: 192.168.1.255 → All local devices
Routing: Sent to everyone
Use: Local network only

Learn more about broadcast addresses.

Multicast (one-to-many):

One IP address → Multiple interested receivers
Example: 224.0.0.1 → Subscribed devices
Routing: To group members
Use: Streaming, conferencing

Learn more about multicast addresses.

Anycast (one-to-nearest):

One IP address → Multiple servers, nearest wins
Example: 8.8.8.8 → Closest Google DNS server
Routing: Nearest/best path
Use: Global services, CDN, DNS

How Anycast Works

Basic Concept

Traditional unicast:

Client → 203.0.113.1 → Server in New York
Always routes to same server
Distance doesn't matter

Anycast:

Client in London → 203.0.113.1 → Server in London
Client in Tokyo → 203.0.113.1 → Server in Tokyo
Client in NYC → 203.0.113.1 → Server in NYC

Same IP, different servers
Routed to nearest location

Routing Mechanism

BGP announcement:

Server Location A announces: 203.0.113.0/24
Server Location B announces: 203.0.113.0/24
Server Location C announces: 203.0.113.0/24

All announce same prefix
BGP selects best path
Nearest server wins

Path selection:

Factors:
1. AS path length (fewer hops)
2. Local preference
3. Geographic proximity
4. Network policies
5. Link quality

Result: Traffic to nearest/best server

Example:

Google DNS (8.8.8.8):
- Announced from 100+ locations worldwide
- Client queries 8.8.8.8
- BGP routes to nearest Google server
- Low latency response
- Automatic failover

Anycast Benefits

Performance

Reduced latency:

Client → Nearest server
Shorter network path
Faster response times
Better user experience

Example latency:

Without anycast:
London → New York server: 80ms

With anycast:
London → London server: 5ms
Improvement: 15x faster

Load distribution:

Traffic spread across locations
No single point of congestion
Geographic load balancing
Automatic scaling

Reliability

Automatic failover:

Server fails → BGP withdraws route
Traffic reroutes to next nearest
No manual intervention
Transparent to clients

DDoS mitigation:

Attack traffic distributed
Multiple targets instead of one
Absorb larger attacks
Localized impact

High availability:

Multiple servers for redundancy
No single point of failure
Geographic diversity
Disaster recovery

Simplicity

Single IP address:

One IP for global service
No GeoDNS complexity
No client configuration
Easy to remember (8.8.8.8)

Automatic routing:

Network handles routing
No application changes
Transparent to clients
Self-optimizing

Anycast Use Cases

DNS Servers

Root DNS servers:

13 root server addresses (a-m.root-servers.net)
Each address: Multiple anycast instances
Example: f.root-servers.net
- 100+ locations worldwide
- Same IP everywhere
- Nearest server responds

Public DNS:

Google DNS: 8.8.8.8, 8.8.4.4
Cloudflare: 1.1.1.1
Quad9: 9.9.9.9

All use anycast
Global presence
Low latency
High availability

Benefits for DNS:

Fast resolution
DDoS resilience
Geographic redundancy
Automatic failover

Content Delivery Networks (CDN)

How CDNs use anycast:

Edge servers worldwide
Same IP announced from all
Client → Nearest edge server
Content served locally

Example:

Cloudflare CDN:
- 200+ locations
- Anycast IP addresses
- Automatic routing
- Low latency content delivery

Benefits:

Faster content delivery
Reduced bandwidth costs
Better user experience
DDoS protection

DDoS Mitigation

Anycast for DDoS protection:

Attack traffic distributed
Multiple scrubbing centers
Localized impact
Absorb larger attacks

How it works:

1. Attack targets anycast IP
2. Traffic distributed globally
3. Each location handles portion
4. Scrubbing centers clean traffic
5. Legitimate traffic forwarded

Capacity:

Single location: 10 Gbps capacity
10 locations: 100 Gbps capacity
Attack distributed: Harder to overwhelm

Load Balancing

Geographic load balancing:

Servers in multiple regions
Same IP address
Traffic automatically distributed
Based on proximity

Example:

API service:
- US East
- US West
- Europe
- Asia

Clients routed to nearest
Even load distribution
No manual configuration

Gaming and Real-time Services

Low latency requirements:

Gaming servers
Voice/video chat
Real-time collaboration
Financial trading

Benefits:

Nearest server selection
Reduced lag
Better experience
Automatic failover

Anycast Implementation

Requirements

Multiple locations:

Minimum: 2 locations
Recommended: 3+ locations
Global service: 10+ locations
Geographic diversity

BGP capability:

Autonomous System Number (ASN)
BGP peering
IP address block
Router configuration

Identical services:

Same application/service
Same configuration
Synchronized data (if stateful)
Consistent responses

BGP Configuration

Announce same prefix from all locations:

Cisco IOS:

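router bgp 65001
 ! Originate the anycast prefix (IOS needs an exact-match route for it in the routing table)
 network 203.0.113.0 mask 255.255.255.0
 ! Upstream eBGP session
 neighbor 198.51.100.1 remote-as 65002
 neighbor 198.51.100.1 description ISP_Peer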

Each location announces:

Location A: Announces 203.0.113.0/24
Location B: Announces 203.0.113.0/24
Location C: Announces 203.0.113.0/24

BGP propagates all announcements
Routers select best path
Traffic distributed

Server Configuration

Assign anycast IP:

Linux:

# Add anycast IP to loopback
ip addr add 203.0.113.1/32 dev lo

# Or in /etc/network/interfaces
auto lo:0
iface lo:0 inet static
    address 203.0.113.1
    netmask 255.255.255.255

Service binding:

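# Bind service to anycast IP
# DNS server example (BIND): the listen address is set in named.conf, e.g.
#   options { listen-on { 203.0.113.1; }; };
# (named's -L option selects a log file, not a listen address)
named -4 -t /var/named -u named -c /etc/named.conf -p 53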

Health Monitoring

Withdraw route if unhealthy:

Monitor: Service health
Unhealthy: Withdraw BGP announcement
Result: Traffic reroutes automatically
Healthy: Re-announce route

Example with ExaBGP:

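# Health check script: ExaBGP runs it as an API process and reads commands from its stdout
import socket, time

def service_healthy():  # healthy when the service accepts TCP on the anycast IP
    with socket.socket() as s:
        s.settimeout(2)
        return s.connect_ex(("203.0.113.1", 53)) == 0

while True:
    action = "announce" if service_healthy() else "withdraw"
    print(f"{action} route 203.0.113.0/24 next-hop self", flush=True)
    time.sleep(5)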

Anycast Challenges

Stateful Services

Problem:

Anycast routes to nearest server
Route may change mid-session
Stateful data lost
Session breaks

Example:

Client starts session → Server A
Network change → Routes to Server B
Server B: No session state
Session broken

Solutions:

1. Stateless services:

Best for: DNS, NTP, CDN
Each request independent
No session state
Anycast-friendly

2. Session persistence:

Sticky routing (not ideal)
Shared state (database)
Session replication
State synchronization

3. Accept session breaks:

Application handles reconnection
Retry logic
Acceptable for some use cases

Asymmetric Routing

Problem:

Request: Client → Server A (anycast)
Response: Server A → Client (unicast)
Different paths
Firewall issues possible

Example:

Request path: Client → ISP1 → Server A
Response path: Server A → ISP2 → Client

Asymmetric routing
Stateful firewalls may block

Solutions:

Stateless firewalls
Allow asymmetric routing
Return path optimization
Direct server return (DSR)

Route Flapping

Problem:

BGP route changes
Traffic shifts between servers
Unstable routing
Performance impact

Causes:

Network instability
BGP misconfiguration
Link flapping
Route dampening needed

Solutions:

Stable BGP configuration
Route dampening
Monitoring and alerting
Redundant paths
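
Health-driven withdrawal and route flapping pull against each other: a check that withdraws on every failed probe turns one lost packet into a BGP update. The following is an added example, not part of the original article, that gates announce/withdraw behind rise/fall thresholds and emits ExaBGP text-API commands only on a state change. The class name, thresholds and probe history are assumptions made for illustration.

```python
import sys

PREFIX = "203.0.113.0/24"  # the article's example anycast prefix


class AnycastHealthGate:
    """Turn raw probe results into ExaBGP announce/withdraw commands.

    The route is withdrawn only after `fall` consecutive failed probes and
    re-announced only after `rise` consecutive good ones, so a single lost
    probe does not make the prefix flap.
    """

    def __init__(self, prefix=PREFIX, rise=3, fall=2):
        self.prefix, self.rise, self.fall = prefix, rise, fall
        self.announced = False  # stay withdrawn until proven healthy
        self.streak = 0         # consecutive probes contradicting current state

    def observe(self, probe_ok):
        """Feed one probe result; return an ExaBGP command line or None."""
        if probe_ok == self.announced:
            self.streak = 0     # probe agrees with what we already advertise
            return None
        self.streak += 1
        if self.streak < (self.rise if probe_ok else self.fall):
            return None         # not enough evidence to change the route yet
        self.announced, self.streak = probe_ok, 0
        verb = "announce" if probe_ok else "withdraw"
        return f"{verb} route {self.prefix} next-hop self"


def replay(results, **thresholds):
    """Run probe results through a fresh gate; return [(probe_index, command)]."""
    gate = AnycastHealthGate(**thresholds)
    changes = []
    for index, ok in enumerate(results):
        command = gate.observe(ok)
        if command:
            changes.append((index, command))
    return changes


# Constructed probe history: warm-up, one blip, a real outage, recovery.
HISTORY = [True, True, True, False, True, False, False, True, True, True]

if __name__ == "__main__":
    for _, command in replay(HISTORY):
        sys.stdout.write(command + "\n")  # ExaBGP reads commands from stdout
        sys.stdout.flush()
```

The single failed probe at index 3 produces no update; only the two consecutive failures at indexes 5 and 6 withdraw the route.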

Geographic Accuracy

Problem:

BGP routing ≠ Geographic proximity
AS path length matters more
May not route to nearest

Example:

Client in City A
Server 1: City A (3 AS hops)
Server 2: City B (2 AS hops)
Routes to: Server 2 (fewer hops)
Not nearest geographically

Solutions:

Optimize BGP policies
More peering points
Accept limitations
Combine with GeoDNS

Anycast vs Alternatives

Anycast vs GeoDNS

GeoDNS:

DNS returns different IPs by location
Application layer
Requires DNS lookup
Client caching issues

Anycast:

Network layer routing
Same IP everywhere
No DNS dependency
Automatic failover

Comparison:

GeoDNS:
+ More control
+ Stateful possible
- DNS caching
- Slower failover

Anycast:
+ Fast failover
+ Network-level
+ No DNS dependency
- Stateless better

Best approach:

Combine both:
GeoDNS: Coarse geographic routing
Anycast: Fine-grained, automatic

Anycast vs Load Balancer

Load balancer:

Single location
Application-aware
Session persistence
Health checks

Anycast:

Multiple locations
Network-level
Geographic distribution
Automatic routing

Use together:

Anycast: Geographic distribution
Load balancer: Local distribution
Layered approach
Best of both

Anycast Best Practices

Design

1. Multiple locations:

Minimum 3 locations
Geographic diversity
Consider user distribution
Plan for growth

2. Identical configuration:

Same software versions
Same configuration
Automated deployment
Configuration management

3. Stateless when possible:

Design for stateless
Each request independent
No session dependency
Anycast-friendly

Operations

1. Monitoring:

Service health per location
BGP announcement status
Traffic distribution
Route changes

2. Health checks:

Automated health monitoring
Withdraw unhealthy routes
Re-announce when healthy
Alert on failures

3. Gradual rollout:

Test in one location
Verify routing
Monitor performance
Expand gradually

Security

1. DDoS protection:

Anycast distributes attack
Scrubbing centers
Rate limiting
Traffic analysis

2. Route security:

RPKI validation
BGP authentication
Monitor announcements
Detect hijacking

3. Access control:

Firewall rules
Rate limiting
Geographic blocking
Anomaly detection
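
For the route-security item above (RPKI validation, monitoring announcements), here is an added example that is not from the original article: route origin validation as defined in RFC 6811, applied to the article's anycast prefix and AS number. The VRP list and the observed announcements are constructed sample data, and `validate` and `audit` are names chosen here.

```python
import ipaddress

# Constructed VRPs (validated ROA payloads): (prefix, max_length, origin_asn).
# 203.0.113.0/24 and AS65001 are the article's example values.
VRPS = [("203.0.113.0/24", 24, 65001)]


def validate(prefix, origin_asn, vrps=VRPS):
    """Return 'valid', 'invalid' or 'not-found' for one BGP announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_asn in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        if route.version != vrp_net.version or not route.subnet_of(vrp_net):
            continue                  # this VRP does not cover the route
        covered = True
        if route.prefixlen <= max_len and origin_asn == vrp_asn:
            return "valid"            # one matching VRP is enough
    return "invalid" if covered else "not-found"


def audit(announcements, vrps=VRPS):
    """Return the announcements a monitor should alert on (state 'invalid')."""
    return [(p, asn) for p, asn in announcements
            if validate(p, asn, vrps) == "invalid"]


# Constructed announcements as a route monitor might observe them.
SEEN = [
    ("203.0.113.0/24", 65001),    # expected anycast announcement
    ("203.0.113.0/24", 64999),    # same prefix, unexpected origin AS
    ("203.0.113.128/25", 65001),  # longer than the ROA's max length
    ("198.51.100.0/24", 65002),   # no covering VRP
]

if __name__ == "__main__":
    for prefix, asn in SEEN:
        print(f"{prefix:<18} AS{asn:<6} {validate(prefix, asn)}")
```

Because every anycast site originates the same prefix, the ROA must list the origin AS that all sites use, and its max length should match what is actually announced.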

Real-World Examples

Google Public DNS (8.8.8.8)

Implementation:

100+ locations worldwide
Anycast addressing
Low latency globally
DDoS resilient
Free service

Benefits:

Fast DNS resolution
High availability
Global reach
Automatic failover

Cloudflare

Services:

CDN: Anycast edge servers
DNS: 1.1.1.1 anycast
DDoS protection: Distributed
200+ locations

Architecture:

Same IPs announced globally
Nearest edge server responds
Automatic load distribution
Built-in DDoS mitigation

Root DNS Servers

13 root servers:

a.root-servers.net through m.root-servers.net
Each: Multiple anycast instances
Total: 1000+ servers worldwide
Critical infrastructure

Resilience:

DDoS attacks absorbed
Geographic redundancy
Automatic failover
Internet stability

Future of Anycast

IPv6 Anycast

Built-in support:

IPv6 designed with anycast
Anycast addresses defined
Same principles as IPv4
Better support

Subnet-router anycast:

Reserved: First address in subnet
Purpose: Reach any router
Use: Router discovery

Expanding Use Cases

Trends:

More CDN adoption
Edge computing
5G networks
IoT services
Real-time applications

Innovation:

Application-aware anycast
Hybrid approaches
Machine learning routing
Dynamic optimization

Conclusion

Anycast is a powerful networking technique that enables global services to achieve low latency, high availability, and DDoS resilience by routing traffic to the nearest or best-performing server. While best suited for stateless services like DNS and CDN, anycast has become essential infrastructure for modern internet services.



Key takeaways:

- Anycast: One IP, multiple servers, nearest wins
- BGP routing: Automatic path selection
- Benefits: Low latency, high availability, DDoS mitigation
- Use cases: DNS, CDN, DDoS protection, load balancing
- Best for: Stateless services
- Challenges: Stateful sessions, asymmetric routing
- Implementation: Requires BGP, multiple locations
- Monitoring: Health checks, route management
- Security: Distributed DDoS protection
- Future: Expanding use cases, IPv6 support

Anycast is the foundation of modern internet infrastructure, powering DNS services, CDNs, and DDoS protection. By distributing services globally and routing traffic to the nearest location, anycast provides the performance and reliability required for today's internet applications. When designing global services, anycast should be a primary consideration for achieving low latency and high availability.
