[c-nsp] Anycast Questions

joshua sahala jsahala at gmail.com
Wed Feb 16 10:06:57 EST 2011


On Wed, Feb 16, 2011 at 6:42 AM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> On 16/02/11 13:39, Gert Doering wrote:
>>
>> Hi,
>>
>> On Wed, Feb 16, 2011 at 09:04:49AM +0000, Phil Mayers wrote:
>>>>
>>>> Which makes "monitoring whether everything is fine" a somewhat more
>>>> interesting challenge :-) - if the machine is up, but bgpd fails, the
>>>> service might silently fall over to another instance and things like
>>>> "does this anycasted DNS server still respond?" will happily report
>>>> success...

i had nrpe/nagios and munin monitoring via the non-anycast
query-source/ssh interface address, as well as syslog scraping w/ sec
and snmp queries to the upstream router.  any appreciable
drops/increases from baseline on the server's query numbers (monitored
via munin) triggered nrpe to raise an event in nagios (or something
like that).  although there was a bit of a delay due to the moving
averages of munin's rrd storage, this method worked well for both
failures and attacks against the servers (nxdomain queries increased
200% -> alert -> capture -> block offenders).  the pretty graphs in
munin also helped justify newer servers and made management happy.

/joshua
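The baseline-deviation check Joshua describes (query rate drops or surges against a moving average, plus an NXDOMAIN spike rule) as an added, self-contained example; this is not code from the thread or from munin/nrpe. The per-interval counters are constructed sample data, the six-sample mean is a stand-in for munin's RRD averaging (and shows the same lag: the baseline drifts after an anomaly), and the thresholds (50% drop, 200% surge, 200% NXDOMAIN increase) are assumptions mirroring the figures in the post. `nrpe_status` maps the result to a Nagios-style exit code so a silent failover (traffic vanishing from one anycast instance while the service still "answers") is reported as CRITICAL rather than as OK.

```python
from collections import deque
from dataclasses import dataclass


@dataclass
class Sample:
    minute: int     # minutes since the start of the constructed series
    queries: int    # DNS queries answered by this instance in the interval
    nxdomain: int   # NXDOMAIN answers in the same interval


@dataclass
class Alert:
    minute: int
    kind: str       # "drop", "surge" or "nxdomain"
    observed: float
    baseline: float


def check_series(samples, window=6, drop_pct=0.5, surge_pct=2.0, nx_pct=2.0):
    """Compare each sample against the mean of the previous `window` samples.

    The baseline is a plain moving average (assumed stand-in for munin's RRD
    consolidation). Anomalous samples still enter the history, which is what
    produces the delayed recovery Joshua mentions.
    """
    history = deque(maxlen=window)
    nx_history = deque(maxlen=window)
    alerts = []
    for s in samples:
        if len(history) == window:
            base_q = sum(history) / window
            base_nx = sum(nx_history) / window
            # A collapse in query volume on the per-instance address usually
            # means traffic has been withdrawn (e.g. bgpd died), even though
            # the anycast address as a whole still resolves.
            if s.queries < base_q * (1 - drop_pct):
                alerts.append(Alert(s.minute, "drop", s.queries, base_q))
            elif s.queries > base_q * (1 + surge_pct):
                alerts.append(Alert(s.minute, "surge", s.queries, base_q))
            # NXDOMAIN climbing far above its baseline is the attack signal
            # from the post (a 200% rise = triple the baseline).
            if base_nx > 0 and s.nxdomain > base_nx * (1 + nx_pct):
                alerts.append(Alert(s.minute, "nxdomain", s.nxdomain, base_nx))
        history.append(s.queries)
        nx_history.append(s.nxdomain)
    return alerts


def nrpe_status(alerts):
    """Return (exit_code, summary) in Nagios plugin convention: 0 OK, 1 WARNING, 2 CRITICAL."""
    if any(a.kind == "drop" for a in alerts):
        return 2, "CRITICAL - query volume collapsed; instance may have failed over silently"
    if alerts:
        kinds = sorted({a.kind for a in alerts})
        return 1, "WARNING - anomaly against baseline: " + ", ".join(kinds)
    return 0, "OK - query rate within baseline"


def constructed_samples():
    """Constructed 5-minute counters: steady load, an NXDOMAIN burst, then traffic vanishing."""
    raw = [
        (0, 1000, 10), (5, 1020, 12), (10, 980, 9), (15, 1010, 11),
        (20, 990, 10), (25, 1000, 10), (30, 1000, 10),
        (35, 1020, 40),   # NXDOMAIN burst, total volume normal
        (40, 150, 2),     # traffic withdrawn from this instance
        (45, 140, 1),
    ]
    return [Sample(*r) for r in raw]


def run_check():
    """Run the detector over the constructed series and return its alerts."""
    return check_series(constructed_samples())


if __name__ == "__main__":
    found = run_check()
    for a in found:
        print(f"t={a.minute:>3}m {a.kind:<9} observed={a.observed:.0f} baseline={a.baseline:.1f}")
    code, text = nrpe_status(found)
    print(code, text)
```

Run as a script it lists one NXDOMAIN alert followed by two drop alerts and exits with the CRITICAL code; the second drop alert has a lower baseline than the first because the collapsed sample has already been averaged in, which is the lag the post attributes to munin's moving averages.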

