Anycast in the age of hypergiants: Towards tools and techniques for the other 99% of ASes

Leandro Bertholdo

Research output: ThesisPhD Thesis - Research UT, graduation UT

112 Downloads (Pure)

Abstract

Over the past 40 years, the Internet has become essential for over 60% of the global population, affecting not just social interactions but also governance and business. However, it has also paved the way for cybercriminal activities like Distributed Denial of Service (DDoS) attacks, which often target critical infrastructures such as the Domain Name System (DNS). DNS maps website names to their corresponding IP addresses.

Anycast is a technique that improves resilience against DDoS attacks by leveraging the Internet's inter-domain routing system. By reusing the same IP address at multiple sites, Anycast redistributes the DDoS attack load. Currently, fewer than 1% of Autonomous Systems (ASes), mainly 'Hypergiants,' employ this technology, leading to an undesired concentration of essential services like DNS. This thesis aims to diversify the use of anycast, with a focus on DNS services.

The thesis offers several contributions. First, we enhance the existing state of the art by developing a novel method to identify and quantify anycast networks, thereby deepening our understanding of anycast adoption. Second, we explore the challenges of operating anycast sites on Internet Exchanges (IXPs), which are crucial for providing high-bandwidth, direct and low-cost connections between thousands of Autonomous Systems (ASes)—factors that become especially important during volumetric DDoS attacks. Third, we demonstrate that anycast management can be made more intuitive for operators, as straightforward as tuning a radio. Fourth, we develop, validate, and openly share tools that facilitate decision-making and automation for anycast networks under DDoS attacks. The operator can estimate the size of the attack and choose whether to absorb or redistribute a given DDoS attack against the anycast network.

Finally, we outline strategies for the future by engaging ISPs and DNS operators in discussions, proposing an anycast DNS federation to help smaller operators expand. By lowering entry costs and simplifying operations, this thesis aims to increase the diversity of anycast providers, potentially reversing the trend of DNS centralization.
Original languageEnglish
QualificationDoctor of Philosophy
Awarding Institution
  • University of Twente
Supervisors/Advisors
  • van Rijswijk - Deij, Roland Martijn, Supervisor
  • Hesselman, Cristian E.W., Supervisor
  • Holz, Ralph-Günther, Co-Supervisor
Award date29 Sept 2023
Place of PublicationEnschede
Publisher
Print ISBNs978-90-365-5731-3
Electronic ISBNs978-90-365-5732-0
DOIs
Publication statusPublished - Sept 2023

Fingerprint

Dive into the research topics of 'Anycast in the age of hypergiants: Towards tools and techniques for the other 99% of ASes'. Together they form a unique fingerprint.

Cite this