Anycasting IPv6 TCP and UDP



Inspired by LinkedIn's own Samir Jaferali's post on Building your own anycast network in 9 steps.


Register for an ASN via an LIR. I used ip6.im and Fairnode, who gave me a free /39 IPv6 prefix of the type (ASSIGNED, ALLOCATED-BY-LIR).
PI is "ASSIGNED PI" or "ASSIGNED ANYCAST" (special). PA is ALLOCATED-BY-RIR, ALLOCATED-BY-LIR, AGGREGATED-BY-LIR and ASSIGNED.

Things I wish I knew:

  • You cannot announce any of your network prefixes outside of RIPE regions; these are for use in RIPE regions only. The exception to this is anycast traffic.
  • ASN and IP prefixes that fall under RIPE can be announced and anycasted in the world as long as one PoP has a RIPE region presence. This can be as easy as a virtual machine in Europe whose location can be occasionally confirmed via traceroute.

Dear APNIC, why can't you be as easy to work with?

RIPE registration and role types to create:

  1. inet6num
  2. mntner
  3. organisation
  4. person
  5. role (Network Operations/NOC)
  6. route6 (Can only be updated on request by your LIR if you have PA and not PI address space)


RIPE has good documentation and once your route6 exists in RIPE, it's a matter of time before your announcements are heard and propagated.
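
A pre-announcement check, as an added example that is not part of the original post: it parses RPSL route6 objects and reports whether a planned announcement has a route6 with the matching origin, which is what networks that build prefix filters from IRR data look for. The sample objects are constructed from the 2001:db8::/32 documentation prefix, private-use AS numbers and a hypothetical maintainer name; the function names are also assumptions of this example.

```python
import ipaddress
import re

# Constructed sample RPSL (documentation prefix, private-use ASN); not real registry data.
SAMPLE_RPSL = """\
route6:         2001:db8:1000::/39
descr:          example anycast block
origin:         AS64512
mnt-by:         EXAMPLE-MNT
source:         RIPE

route6:         2001:db8:1000::/48
origin:         AS64512
mnt-by:         EXAMPLE-MNT
source:         RIPE
"""

def parse_route6(text):
    """Return [(IPv6Network, origin)] for every route6 object in RPSL text."""
    routes = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            # Skip server comments and continuation lines; keep "key: value" only.
            if line.startswith(("%", "#", " ", "\t", "+")) or ":" not in line:
                continue
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), value.strip())
        if "route6" in attrs and "origin" in attrs:
            routes.append((ipaddress.IPv6Network(attrs["route6"]), attrs["origin"].upper()))
    return routes

def check_announcement(prefix, origin, routes):
    """Classify a planned (prefix, origin) announcement against route6 objects."""
    net = ipaddress.IPv6Network(prefix)
    origin = origin.upper()
    covering = [(r, o) for r, o in routes if net.subnet_of(r)]
    if any(r == net and o == origin for r, o in covering):
        return "exact"            # route6 for this exact prefix and origin
    if any(o == origin for _, o in covering):
        return "covered"          # only a less-specific route6; exact-match filters may drop it
    if covering:
        return "origin-mismatch"  # registered, but to a different origin AS
    return "missing"              # no route6 covers this prefix at all

if __name__ == "__main__":
    routes = parse_route6(SAMPLE_RPSL)
    for pfx, asn in [("2001:db8:1000::/48", "AS64512"), ("2001:db8:1001::/48", "AS64512")]:
        print(pfx, asn, check_announcement(pfx, asn, routes))
```
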

We only announce out of Vultr's locations right now and AS20473 is their Choopa ASN.


I could connect to Vultr/Choopa's ASN via IPv4 but chose not to as I don't announce/care for IPv4. 


OS and software stack used:
  • OS: OpenBSD 6.2
  • BGP: OpenBGPD 6.0
  • Web server + load balancer: Caddy 0.10.10
  • Authoritative name server: NSD 4.1.17


Announce from two locations and you're officially anycasted!

The 'anycast network' has just two locations with Vultr at the moment - Frankfurt and San Francisco. The image below masks the < 2 ms response from Frankfurt, RTT from SF and the rest of the US looks pretty good actually. Sweet, anycasting working!

The RTT is way too high between physically close-ish London/Paris/Amsterdam and the Frankfurt PoP and this was to be expected. The routes probably need tweaking and this is why I registered for a real ASN - to play with Prepending, Communities and Selective Announcements.




To be continued in part two...
