When SIDN, one of the world’s largest top-level domain managers, decided to migrate one of their authoritative name servers from Unicast to Anycast to improve performance, they selected ThousandEyes as their network monitoring and intelligence partner. ThousandEyes was able to provide SIDN with the data they needed to understand latency and traffic routes from many different vantage points, so they could identify issues and improve performance—ensuring a successful migration.
SIDN, or Stichting Internet Domeinregistratie Nederland, has been managing the .nl domain since 1996 and since that time has invested in research and development, through SIDN Labs, working closely with the Internet measurement community, as well as standards bodies and universities. Its emphasis on research led to a project by Giovane Moura and Moritz Müller, who set out to investigate how they could better engineer the service provided by their authoritative name servers. Authoritative name servers work in partnership with DNS (Domain Name Server) Resolvers to translate the address typed into a browser to an IP address that can be used to navigate a route over the Internet. DNS resolution is only one component of how a user connects to a website; however, its performance is crucial, and even a minimal delay can negatively affect performance.
After studying the behavior of thousands of active resolvers on the Internet, they concluded that running an authoritative name server with IP Unicast can introduce unnecessary latency, as there’s no way to avoid DNS queries going to sites that are geographically distant to users. By moving to Anycast, they could improve DNS performance, since they would have more sites closer to their users. With Anycast, one IP address covers multiple servers distributed across the globe. BGP (Border Gateway Protocol) is then leveraged to match a user to the closest site.
SIDN gets queries from all over the world, but they decided to start their migration to Anycast with their NS5 node (which serves North America) due to the presence of major cloud providers and the demand for robust performance.
To effectively roll out Anycast, SIDN decided they needed to be able to monitor RTT (Round-trip Time) from many different viewpoints around the world and be able to investigate how traffic is routed across the Internet, in order to quickly isolate potential performance issues. To do this, they selected ThousandEyes, as ThousandEyes provided the worldwide coverage SIDN required.
To support the migration from Unicast to Anycast, SIDN set up the following within the ThousandEyes application:
- A DNS Server test was configured to run from over forty Cloud Agents across the globe to the target name server (ns5.dns.nl). These agents were picked to give a mixture of IPv4 and IPv6 data and global visibility. Each of the ThousandEyes agents sends multiple DNS requests to ns5.dns.nl asking for the .nl SOA record. From this test, SIDN can get nameserver availability and DNS resolution time.
- Network tests were configured to map the path from each agent to the NS5 nameserver and gather loss, latency and jitter metrics.
- BGP data was sourced from monitors located across the world to capture routing changes that can impact performance and availability.
- Proactive alerts and a high-level dashboard displays global latency of the SIDN platform.
With the rollout of Anycast on NS5 complete, SIDN is starting to look at the rest of their network and partners to see how Anycast can deliver higher performance for inbound queries from all over the world. The initial project goal was to reduce RTT from 165 milliseconds worldwide, to less than 100 milliseconds. With ThousandEyes Network Intelligence, SIDN was able to get RTT down to 77 milliseconds.
With ThousandEyes providing the network intelligence, SIDN was able to dramatically improve DNS performance and support their mission to help provide a better internet. To read the full story, check out the SIDN Case Study.