Eduard,
The reports about IPv6 anycast death are greatly exaggerated ;-)
The issue is well known, e.g. - IPv6 flow label: misuse in hashing | APNIC Blog
Don't forget that flow hashing is a local decision that could be influenced by configuration/capabilities. Relying on constant (sticky) hashing is unhealthy and error prone; when other keys, such as index-ingress-port, are used, this is completely unpredictable.
Flow label based hashing is on/off by default as per vendor/release.
Stateless anycast is not affected by flow label changes, as well as stateful services that use OOB sync (think public cloud).
Interesting point - this could affect IPv4 in host-based overlay cases, e.g. the value of the UDP source port in the VXLAN/Geneve header (skb->hash used for UDP source port).
On Tue, Aug 3, 2021 at 11:56 AM Töma Gavrichenkov <ximaera@xxxxxxxxx> wrote:
Peace,

On Tue, Aug 3, 2021, 8:54 PM Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote:

> It would not make me in the least bit sad if ANYCAST TCP doesn't work because I don't think it should.
>
> TCP over ANYCAST is crossing the streams. Not surprised it doesn't work and see no reason to change that.

Does that imply that you believe no TCP-based protocol deserves protection from DDoS attacks? Because anycast is ultimately the one and the only basement for that protection.

--
Töma
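
Added example, not part of the original thread: a small simulation of the ECMP behaviour discussed above, showing that one TCP connection stays on a single anycast site when the hash covers only the 5-tuple, but can land on different sites when the 20-bit flow label is part of the hash key and the label changes. The site names, addresses, ports and the SHA-256 hash are constructed stand-ins, not any vendor's algorithm.

```python
import hashlib
import ipaddress

# Constructed sample: four anycast sites reachable over equal-cost paths.
NEXT_HOPS = ["site-a", "site-b", "site-c", "site-d"]


def ecmp_pick(src, dst, sport, dport, flow_label, use_flow_label,
              next_hops=NEXT_HOPS):
    """Pick a next hop from a hash of the flow keys.

    SHA-256 is a stand-in for whatever hash a given router uses; the
    point is only which header fields feed the hash.
    """
    key = ipaddress.IPv6Address(src).packed
    key += ipaddress.IPv6Address(dst).packed
    key += sport.to_bytes(2, "big") + dport.to_bytes(2, "big")
    key += b"\x06"  # next header = TCP
    if use_flow_label:
        key += (flow_label & 0xFFFFF).to_bytes(3, "big")  # 20-bit label
    digest = hashlib.sha256(key).digest()
    return next_hops[int.from_bytes(digest[:4], "big") % len(next_hops)]


def sites_seen(labels, use_flow_label):
    """Sites one TCP connection would reach if its flow label took each value."""
    return {
        ecmp_pick("2001:db8::10", "2001:db8:ffff::1", 40000, 443,
                  label, use_flow_label)
        for label in labels
    }


if __name__ == "__main__":
    labels = range(1, 65)  # constructed: 64 different flow label values
    print("5-tuple only        :", sorted(sites_seen(labels, False)))
    print("5-tuple + flow label:", sorted(sites_seen(labels, True)))
```

A stateful TCP service behind anycast needs the first result; a stateless service, or one that synchronises state out of band, tolerates the second.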