Anycast describes a one-to-nearest communication between a single sender and the nearest recipient within a group. The routing protocol chooses one recipient within a target group based on the routing algorithm for the specific protocol and sends data to that recipient only.

Anycast addressing for BloxOne Threat Defense Cloud, BloxOne DDI, DNS Forwarding Proxy, and BloxOne DDI Licensing provides the following benefits:

  • Improved Reliability and Resiliency: Anycast improves reliability because DNS queries are sent to an Anycast IP address. If the nearest server goes offline, the router forwards the request to the next nearest DNS server advertising the target Anycast IP address.
  • OSPF and BGP Protocols: Anycast supports both Open Shortest Path First (OSPF) and Border Gateway Protocol (BGP). These protocols enhance system performance.
  • Load Distribution: Anycast distributes the load across multiple DNS servers based on network topology. Dynamic routing enables a fully flexible and path-optimized DNS packet flow.

BloxOne Threat Defense Cloud provides two Anycast IPv4 addresses to improve resiliency and reliability. For scenarios where one of the public IP addresses becomes unreachable in BloxOne Threat Defense Cloud, or when using DNS Forwarding Proxy, a second DNS Anycast IPv4 address, 103.80.5.10, can be added to an Anycast Configuration. This second DNS Anycast IPv4 address is in addition to any Anycast IP addresses configured by the user. Infoblox recommends that you configure your network firewalls to allow traffic to the following ports:

  • 53/UDP
  • 53/TCP
  • 443/TCP

While BloxOne Threat Defense Cloud Anycast uses a public IP address, DNS Forwarding Proxy Anycast uses a private IP address within the customer’s private network. If a network routing issue, including route hijacking, interrupts service on one of the Anycast IP addresses or makes it unavailable, BloxOne Endpoint, DNS Forwarding Proxy, and the direct network connection automatically switch to the alternate Anycast IP address.
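A pre-flight check for the firewall rules and the failover order described above, as an added example that is not Infoblox code: it probes 53/UDP, 53/TCP and 443/TCP on each Anycast address and reports the first address on which all three are open. `PRIMARY` is a documentation placeholder for the Anycast address you have configured, and all function names are illustrative. The check assumes the resolver answers DNS queries from your network.

```python
import secrets
import socket
import struct

ALTERNATE = "103.80.5.10"  # second Anycast IPv4 address, from this page
PRIMARY = "192.0.2.53"     # placeholder (TEST-NET-1): use your configured Anycast address

def build_query(qname, txid):
    """Minimal DNS A/IN query (RFC 1035) with recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def probe_udp53(ip, timeout=2.0):
    """True if ip answers a DNS query over UDP with a matching response."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query("example.com", txid), (ip, 53))
            data, peer = s.recvfrom(512)
        except OSError:  # timeout, unreachable, or blocked by a firewall
            return False
    # Accept only a response (QR bit set) from the probed address that
    # echoes our transaction ID; anything else is not counted as reachable.
    return (peer[0] == ip and len(data) >= 12 and data[2] & 0x80 != 0
            and struct.unpack("!H", data[:2])[0] == txid)

def probe_tcp(ip, port, timeout=2.0):
    """True if a TCP connection to ip:port completes."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def select_resolver(addresses, udp=probe_udp53, tcp=probe_tcp):
    """Return (first address with all three ports open, or None; full report)."""
    report = {ip: {"53/udp": udp(ip), "53/tcp": tcp(ip, 53),
                   "443/tcp": tcp(ip, 443)} for ip in addresses}
    usable = next((ip for ip, r in report.items() if all(r.values())), None)
    return usable, report

if __name__ == "__main__":
    chosen, report = select_resolver([PRIMARY, ALTERNATE])
    for ip, result in report.items():
        print(ip, result)
    print("first fully reachable address:", chosen)
```

A result of `None`, or an address with only some ports open, points at a firewall rule that is missing for that address rather than at an Anycast outage.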

For additional information on Anycast, see the following.
