
Ask HN: GeoDNS load balancing vs. Anycast IP? - sylvain_kerkour
Hi HN,
I'm on my way to understand how CDNs (Netlify, Cloudfront, fly.io, Firebase hosting...) work, but I can't find good resources on some details like the following one:

GeoDNS load balancing vs Anycast IP?

Is one better? Why choose one over the other? What about costs maintaining the infrastructure?
======
mrkurt
There are tradeoffs. I work on Fly.io, so I can tell you why we chose to use
anycast vs DNS for traffic direction.

DNS for traffic direction actually starts with anycast. When you send a DNS
lookup, it's typically to an IP announced from multiple locations. The
internet does its thing and the nearest DNS server sends a response.

10-15 years ago, conventional wisdom said only DNS should happen over anycast.
Routes _can_ change between packets and that will break stateful TCP
connections. In practice, this isn't a problem. Routes are stable enough to
keep connections alive.

In theory, Anycast is ideal. But it's hard to build out, you can't do it on
top of various clouds, and for a 60+ region footprint you end up having to do
your own networking and manage agreements with transit providers.

It's also prone to weird routing issues if you don't have a good way to
monitor it. Almost everyone who's run an anycast setup has had a "why are
people in Chicago getting routed through Tokyo from Dallas?" moment.

DNS is quite a bit simpler for the provider, you can hand out IPs to
EC2/Google Cloud/random VPS provider. And routing to one IP in one place is
typically pretty good. DNS also lets you rely on more than just anycast for
targeting, you can do things like detect end user IPs and be smarter about
where you point them.

We chose anycast because we wanted to give users dedicated IP addresses. This
is useful for non-http protocols and helps isolate their workloads from other
customers if there's a DDoS. It's a much cleaner end user experience. As a
bonus, it gives us a lot of fun power with ipv6 addresses.

I've heard AWS CloudFront was going to be all anycast until the 11th hour, and
they switched to DNS targeting because they were getting more reliable
results. This was a long time ago, though. I have a feeling DNS over HTTPS and
other privacy measures are going to make DNS targeting less accurate in the
future.
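
An added example (my own, not Fly.io's or any CDN's code) of the DNS-side targeting described above: a toy GeoDNS picker that steers a client to the nearest healthy PoP based on the resolver's IP, or on the EDNS Client Subnet when a centralized resolver such as a DoH service forwards it. The PoPs, the prefix table and all coordinates are constructed stand-ins for a real GeoIP database and footprint.

```python
import ipaddress
import math

# Constructed PoP footprint: name -> (lat, lon). Not any real provider's topology.
POPS = {"ord": (41.9, -87.6), "dfw": (32.9, -97.0),
        "nrt": (35.7, 139.7), "fra": (50.1, 8.7)}

# Constructed stand-in for a GeoIP database: prefix -> approximate location.
GEO_TABLE = [
    (ipaddress.ip_network("203.0.113.0/24"), (35.6, 139.7)),   # Tokyo eyeballs
    (ipaddress.ip_network("198.51.100.0/24"), (32.8, -96.8)),  # Dallas eyeballs
    (ipaddress.ip_network("192.0.2.0/24"), (50.0, 8.6)),       # a DoH resolver cluster near Frankfurt
]

def km(a, b):
    """Great-circle distance (haversine) between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371 * math.asin(math.sqrt(h))

def locate(addr):
    """Map an IP or CIDR to a location via GEO_TABLE, or None if unknown."""
    ip = ipaddress.ip_network(addr, strict=False).network_address
    for net, coord in GEO_TABLE:
        if ip in net:
            return coord
    return None

def geodns_answer(resolver_ip, ecs_subnet=None, down=frozenset(), default="ord"):
    """Choose the PoP to return in the answer.

    Prefers the client subnet (ECS) when the resolver sends one; otherwise falls
    back to the resolver's own address, which is what a centralized DoH resolver
    without ECS makes you guess from. PoPs in `down` are skipped (health checks).
    Returns (pop, basis) where basis is 'ecs', 'resolver' or 'fallback'.
    """
    healthy = {n: c for n, c in POPS.items() if n not in down}
    for basis, src in (("ecs", ecs_subnet), ("resolver", resolver_ip)):
        loc = locate(src) if src is not None else None
        if loc is not None:
            return min(healthy, key=lambda n: km(loc, healthy[n])), basis
    return (default if default in healthy else next(iter(healthy))), "fallback"

if __name__ == "__main__":
    print(geodns_answer("203.0.113.9"))                               # Tokyo resolver
    print(geodns_answer("192.0.2.53"))                                # DoH resolver, no ECS
    print(geodns_answer("192.0.2.53", ecs_subnet="203.0.113.0/24"))  # same, with ECS
    print(geodns_answer("198.51.100.4", down=frozenset({"dfw"})))     # dfw out of service
```

The second and third calls show the caveat: without ECS the Tokyo user behind a Frankfurt-located DoH resolver is steered to `fra`, while with anycast the BGP path, not a guess about the resolver, decides.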

~~~
sylvain_kerkour
Thank you for the detailed reply! I read all your (very interesting) comments
on fly.io's posts here on HN before asking :)

