Re: IPv6 Anycast has been killed by LINUX patch in 2016 - who cares?

On Mon, Aug 9, 2021 at 2:08 PM Warren Kumari <warren@xxxxxxxxxx> wrote:


On Mon, Aug 9, 2021 at 1:08 PM Töma Gavrichenkov <ximaera@xxxxxxxxx> wrote:
Peace,

On Mon, Aug 9, 2021, 7:47 PM Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote:
We have people vigorously asserting that Linux broke IPv6 TCP over Anycast five years ago and this is serious.

And We have people vigorously asserting that TCP over Anycast works absolutely perfectly and there are no issues.

And they are the same people.

a) they're not really the same people,

b) no one said that TCP works _perfectly_ over anycast per se, because it's understood that perfectionism just doesn't belong in the area of engineering.
What's been actually said is that it works just fine in a number of applications, including almost every popular application, and these applications use it this way on purpose,

... including a number of content providers.
Fastly and CloudFlare both have some really smart people working for them, and they collect and analyze lots of transport level stats. I suspect that they'd be surprised to hear that what they've built doesn't work reliably...

I'm often surprised just how often we end up in discussions in the IETF where people make an assertion like "Foo will never work. Can't be done, no way, no how.", and then someone else points at a bunch of existing implementations. This feels like another instance of this.

The starting point for this is the assertion that Linux broke this five years ago. Either it works or it does not.

While I agree with what you are saying about Fastly, Cloudflare etc., I am very much aware of what they are doing. But you are overlooking one very important qualifier: they didn't just deploy and forget, they are actively monitoring and adapting their approach to reflect changing circumstances.

If someone is going to sell any mitigation measure for any form of attack, they are going to have to continuously monitor performance or they will be quickly overwhelmed.

What I am saying is that there is a difference between an undocumented feature being found to work and a perpetual commitment to making it work. If you are basing your business model on such a feature fine, just be prepared to adapt if circumstances change.

Our job here is not to nag people into operating their infrastructure in a particular way. Our job here is to design an infrastructure that is robust in the face of incompetence, stupidity, greed, lust and technical failures.

One lesson that most of us in the security area have learned but some obstinately refuse to learn is that it is the fault of implementers if the user can't use a system securely and it is the fault of designers and architects if zero effort security is not possible.
