BlockBlog
Back to blog
system design

System Design: Anycast for Load Balancing

#System Design#Load Balancing#Networking#Anycast#DNS#CDN#Go

An exploration of Anycast, a network routing strategy that improves latency and provides load balancing by directing users to the nearest server with the same IP address.

In a global network, latency is the enemy. The time it takes for a packet to travel from a user to a server is governed by the speed of light. The only way to reduce this latency is to reduce the physical distance the packet has to travel. This is the problem that Anycast routing is designed to solve.

Anycast is a network addressing and routing methodology in which a single IP address is assigned to multiple servers in different geographic locations. When a user sends a request to this IP address, the network automatically routes them to the "closest" server. This makes Anycast a powerful tool for load balancing, reducing latency, and mitigating DDoS attacks.

How Anycast Works: One IP, Many Servers

In traditional Unicast routing, there is a one-to-one relationship between an IP address and a server. In Anycast, it's a one-to-many relationship.

  1. IP Address Announcement: Multiple servers, located in different data centers around the world (e.g., New York, London, Tokyo), are all configured with the same IP address.
  2. BGP Routing: Each of these servers uses the Border Gateway Protocol (BGP) to announce to the internet's routers that they have a path to this IP address.
  3. Shortest Path Routing: When a user sends a request, the routers in the internet's backbone work together to find the "shortest" path to a server with that IP address. "Shortest" in BGP terms usually means the path with the fewest network hops, which is a good proxy for the lowest latency.
  4. Automatic Failover: If one of the servers goes down, it stops announcing its route. The BGP network automatically converges and starts sending traffic to the next-closest server, providing seamless failover.
graph TD subgraph User in Europe User end User -- "Request to 198.51.100.10" --> InternetRouters[Internet Routers (BGP)] subgraph "Servers (all with IP 198.51.100.10)" NY_Server[New York Server] LDN_Server[London Server] TKY_Server[Tokyo Server] end InternetRouters -- "Finds shortest path" --> LDN_Server style LDN_Server fill:#f9f,stroke:#333,stroke-width:2px

In this diagram, a user in Europe is automatically routed to the London server because it's the closest in network terms, even though servers in New York and Tokyo have the same IP address.

Anycast vs. DNS Load Balancing

Anycast is often compared to Geolocation-based DNS load balancing, but they operate at different layers and have different characteristics.

Feature DNS Load Balancing Anycast
Layer Application Layer (DNS) Network Layer (IP Routing)
Decision Point The DNS server decides which IP to return. The network routers decide where to send the packet.
Failover Slow, dependent on DNS TTL. Fast, automatic network convergence.
Granularity Can be based on the client's resolver location, which may not be accurate. Based on the actual network topology, which is more accurate.
Stateful Apps Can work, as the client is "stuck" to one IP for the duration of the TTL. Not suitable for stateful applications, as the route can change mid-session ("route flapping").

The key difference is that with Anycast, the routing decision is made by the network itself, not by a DNS server. This makes it much faster and more resilient.

Primary Use Cases

Anycast is ideal for services that are stateless and can be replicated globally.

  1. DNS Services: This is the original and most common use case. Root DNS servers and major DNS providers (like Cloudflare's 1.1.1.1 or Google's 8.8.8.8) use Anycast. This ensures that DNS queries are resolved by a server close to the user, making DNS resolution fast and resilient worldwide.
  2. Content Delivery Networks (CDNs): CDNs use Anycast to route users to the nearest edge server (Point of Presence - PoP). When a user requests an image or a video, the request is sent to the closest PoP, which can serve the content from its cache, dramatically reducing latency.
  3. DDoS Mitigation: Anycast provides a powerful defense against Distributed Denial of Service (DDoS) attacks. A massive flood of traffic from a botnet will be distributed across all the Anycast locations. Instead of overwhelming a single data center, the attack traffic is diluted, allowing each individual location to handle a smaller, more manageable portion of the load.

Limitations and Challenges

  1. Stateless Applications Only: Because BGP routes can change, a user's traffic might suddenly be rerouted to a different server mid-session. If the application requires state (like a shopping cart or a logged-in session), this will break the user experience. Therefore, Anycast should only be used for stateless protocols like DNS or HTTP (for serving static content).
  2. Complex to Implement: Setting up and managing an Anycast network requires control over your own IP address space and the ability to configure BGP routing with multiple transit providers. This is typically only feasible for large organizations.
  3. Debugging Can Be Difficult: When a user reports a problem, it can be hard to determine which physical server they were actually connected to, as they all share the same IP. This requires sophisticated monitoring and logging that includes the location of the serving node.
  4. No Control Over "Closest": "Closest" is determined by BGP path length, which doesn't always perfectly correlate with the lowest real-world latency. Sometimes, a congested but shorter path might be slower than a less-congested but longer path.

Go Example: An Anycast-Aware HTTP Server

You can't "implement" Anycast in Go, as it's a networking concept. However, you can write a Go application that is "Anycast-aware." For example, an HTTP server can return a custom header indicating which data center is serving the request. This is invaluable for debugging.

Let's assume this Go program is deployed on multiple servers around the world, all behind the same Anycast IP.

package main

import (
	"fmt"
	"log"
	"net/http"
	"os"
)

// The location of this specific server, read from an environment variable.
var serverLocation = "unknown"

func helloHandler(w http.ResponseWriter, r *http.Request) {
	// Add a custom header to identify the serving location.
	w.Header().Set("X-Server-Location", serverLocation)
	
	fmt.Fprintf(w, "Hello from the %s server!", serverLocation)
}

func main() {
	// Get the server location from an environment variable.
	// This allows you to deploy the same code everywhere and configure it at runtime.
	location := os.Getenv("SERVER_LOCATION")
	if location != "" {
		serverLocation = location
	}

	http.HandleFunc("/", helloHandler)

	fmt.Printf("Starting server in location: %s\n", serverLocation)
	log.Fatal(http.ListenAndServe(":8080", nil))
}

How to deploy and run this:

  1. On a server in New York: 
    export SERVER_LOCATION="New York"
go run .
  2. On a server in London: 
    export SERVER_LOCATION="London"
go run .

When a user in the US connects to the Anycast IP, they would hit the New York server and see the X-Server-Location: New York header. A user in the UK would hit the London server and see X-Server-Location: London.

Conclusion

Anycast is a powerful, network-layer solution for global load balancing and latency reduction. By advertising the same IP address from multiple locations, it allows the internet's own routing infrastructure to automatically send users to the nearest server. While its requirement for statelessness and complexity of implementation make it unsuitable for general-purpose application load balancing, it is the gold standard for foundational internet services like DNS and CDNs. Its ability to provide automatic failover and absorb DDoS attacks makes it a critical pattern for building highly resilient, global-scale systems.