Peace,
On Sun, Aug 8, 2021, 5:40 PM Tom Herbert <tom@xxxxxxxxxxxxxxx> wrote:
For instance, DNS can return different addresses to users in different geographic regions, mirrors have long been used for file download.
I want to highlight that because this is important.
There surely are methods to distribute endpoint addresses in such a way that the client would have options on which endpoint to choose: the one you advertise to the IPs in the client's region, or the one you advertised to them w weeks ago, or the one the client has obtained via collaboration (read C2C) with clients in other regions, et cetera.
But anycast is the only way to distribute the address(es) in such a way that the client has _no_choice_.
And this is crucial in DDoS mitigation because otherwise you leave the control over your traffic engineering to the attacker. The resulting complete downtime is just a matter of time then.
--
Töma
