
2577 - Configuring DNS Anycast in BloxOne DDI

Scenario

Our DNS service instances are running but our ultimate DNS design requires speed, redundancy, load balancing, and some DDoS mitigation. We have decided to implement the Anycast protocol with our DNS services to accomplish these requirements. Our network team has already implemented the routes needed and has provided the IP address scheme, so all we need to do is configure Anycast in our BloxOne DDI deployment.

Estimated Completion Time

  • 10 to 15 minutes

Prerequisites

  • Administrative access to the CSP

  • Lab 2801: Deploying BloxOne Hosts

  • Lab 2573: Enabling and Configuring DNS Services

Course References

  • 2159: BloxOne DDI Configuring DNS Services

  • 2151: BloxOne Configuring Anycast

Tasks

  1. Creating an Anycast Configuration

  2. Configuring the Anycast Service Instance

  3. Validating the router is receiving the routes

Task 1: Creating an Anycast Configuration

We need to create an Anycast Configuration first, where we will define our Anycast address. This is the IP address that will be advertised to the routers as the closest (in routing terms) DNS server to the client, using the Anycast protocol. We don't have to configure BGP at this point, but we do need to use the Anycast IP address that our network team provided: 10.24.7.53. We can name our configuration Techblue BGP DNS Anycast and the service it will use will be DNS.

Task 2: Configuring the Anycast Service Instance

Now we can configure DNS Anycast Service Instances. We'll create two service instances using our two BloxOne Hosts, oph1.techblue.net and oph2.techblue.net. We can name the Anycast service instances Techblue Anycast service 1 and Techblue Anycast service 2. We'll use the Anycast Configuration we made previously, named Techblue BGP DNS Anycast, and apply this to each Service Instance. We will finally need to use the BGP configurations given to us by our network team:

Table 2577-1

Service Instance            ASN    Keepalive  Hold Down  Neighbor Router  Remote ASN
Techblue Anycast service 1  65400  4          16         10.100.0.1       65247
Techblue Anycast service 2  65400  4          16         10.200.0.1       65247

Task 3: Validating the router is receiving the routes

Now that our Anycast is configured and our service instances are running, we should make sure the routes are being advertised. We can jump onto our router (the vyos VM in our lab environment) and check which BGP routes are showing up with the command show ip bgp. We are looking for BGP routes that show that the Anycast address 10.24.7.53/32 is connected to both of our BloxOne Hosts at 10.100.0.110 and 10.200.0.110.



Solutions

Task 1: Creating an Anycast Configuration

  1. In the CSP browser window, navigate to Manage > Anycast

  2. Click the Create Anycast Configuration button

  3. Give the Anycast Configuration a Name: Techblue BGP DNS Anycast

  4. Specify the Anycast IP Address: 10.24.7.53

  5. Under Service select DNS

  6. Click Save & Close

Task 2: Enabling the Anycast Service

  1. In the CSP browser window, navigate to Manage > Infrastructure Services

  2. Click on Create Service and choose Anycast from the drop-down

  3. Enter a Name: Techblue Anycast service 1

  4. Click on Select Host and locate the Host with the IP address 10.100.0.110 (this should be oph1.techblue.net)

  5. Choose the Host and click on the Select button on the right

  6. Click Next

  7. Under ANYCAST CONFIG PROFILE click Add and select the Techblue BGP DNS Anycast profile from the drop-down

  8. Next to the Techblue BGP DNS Anycast Anycast Config Profile, check the box for BGP

  9. Expand the BGP section and enter the BGP configuration for Techblue Anycast service 1 

    1. Under ASN specify: 65400

    2. Under Keepalive, specify: 4

    3. Under Hold Down specify: 16

    4. Under BGP Neighbor Configuration click Add

    5. For Neighbor Router enter: 10.100.0.1

    6. For Remote ASN enter: 65247

    7. Click Add and then Next

  10. Click Save & Close

  11. Repeat the above steps for oph2.techblue.net using the same configuration, except use the name Techblue Anycast service 2 and enter 10.200.0.1 as the Neighbor Router IP address.

Task 3: Validate VyOS Router is Receiving Routes

  1. On either the jump-desktop or the testing-linux virtual machine, open a Terminal window

  2. Open a secure shell connection to vyos-router at IP address 10.100.0.1:

    ssh vyos@10.100.0.1

  3. When prompted, enter the password: vyos

  4. Enter the following command to view the BGP route information:

    show ip bgp


    You should see the following output, showing routes being received from both 10.100.0.110 and 10.200.0.110 (it may take several minutes for the route to show up):

    vyos@vyos-router:~$ show ip bgp

       Network          Next Hop            Metric LocPrf Weight Path
    *> 10.24.7.0/24     0.0.0.0                  0         32768 i
    *= 10.24.7.53/32    10.200.0.110             0             0 65400 i
    *>                  10.100.0.110             0             0 65400 i
    *> 10.35.22.0/24    0.0.0.0                  2         32768 ?
    *> 10.100.0.0/24    0.0.0.0                  2         32768 ?
    *> 10.200.0.0/24    0.0.0.0                  2         32768 ?
    *> 10.254.254.0/24  0.0.0.0                  2         32768 ?
    *> 172.31.101.0/24  0.0.0.0                  2         32768



    This route entry indicates that network traffic directed to 10.24.7.53 can reach either 10.100.0.110 or 10.200.0.110:

    *= 10.24.7.53/32    10.200.0.110             0             0 65400 i
    *>                  10.100.0.110             0             0 65400 i
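
A scripted version of the Task 3 check, added here as an example (it is not part of the Infoblox lab material): it parses show ip bgp output and reports when the Anycast /32 is missing one of the two BloxOne Hosts, is advertised from a next hop outside the design, or originates from an AS other than 65400. The function names and the embedded sample table are constructed for illustration.

```python
# Constructed sample in the column layout VyOS prints for `show ip bgp`.
SAMPLE = """\
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.24.7.0/24     0.0.0.0                  0         32768 i
*= 10.24.7.53/32    10.200.0.110             0             0 65400 i
*>                  10.100.0.110             0             0 65400 i
*> 10.100.0.0/24    0.0.0.0                  2         32768 ?
"""

def parse_bgp_table(text):
    """Return {prefix: [(status, next_hop, as_path), ...]} for valid routes."""
    routes, cols, prefix = {}, None, None
    for line in text.splitlines():
        if "Network" in line and "Next Hop" in line and "Path" in line:
            # Fields are located by header offsets: Metric, LocPrf and Weight
            # can be blank, so splitting on whitespace alone is ambiguous.
            cols = (line.index("Network"), line.index("Next Hop"),
                    line.index("Path"))
            continue
        if cols is None or not line.startswith("*"):
            continue  # prompt, blank line, or a route not marked valid
        net, hop, path = cols
        prefix = line[net:hop].strip() or prefix  # blank = same prefix as above
        next_hop = line[hop:].split()[0]
        as_path = [int(t) for t in line[path:].split() if t.isdigit()]
        routes.setdefault(prefix, []).append((line[:net].strip(), next_hop, as_path))
    return routes

def check_anycast(routes, prefix, expected_hops, origin_asn):
    """Return a list of findings; an empty list means the route is as designed."""
    paths = routes.get(prefix, [])
    seen = {hop for _, hop, _ in paths}
    findings = [f"missing advertisement from {h}" for h in sorted(expected_hops - seen)]
    findings += [f"unexpected next hop {h}" for h in sorted(seen - expected_hops)]
    findings += [f"{hop}: origin AS is not {origin_asn}"
                 for _, hop, as_path in paths if as_path[-1:] != [origin_asn]]
    return findings

if __name__ == "__main__":
    # Values from this lab: Anycast address, BloxOne Host IPs, and their ASN.
    table = parse_bgp_table(SAMPLE)
    for finding in check_anycast(table, "10.24.7.53/32",
                                 {"10.100.0.110", "10.200.0.110"}, 65400) or ["OK"]:
        print(finding)
```

An unexpected next hop or origin AS on the Anycast prefix is worth alerting on, since any BGP speaker the router accepts as a neighbor can attract DNS traffic by advertising the same /32.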


