Anycast

What Anycast means

Anycast is a network addressing and routing technique in which a single IP address is advertised into the internet's routing system from many physical locations simultaneously, and the network delivers each user's traffic to whichever location is closest in routing terms. The same address answers in Frankfurt, in Singapore, and in São Paulo, and a user in each region transparently reaches the nearby instance without ever knowing the others exist.

The contrast that makes anycast clear is with unicast, the ordinary case in which an address corresponds to exactly one host in one place. With unicast, every user who contacts an address is routed to that single machine, however far away it is. Anycast breaks the one-address-one-location assumption: it relies on the Border Gateway Protocol (BGP) preferring the shortest AS path to a destination, so when the same prefix is announced from dozens of sites, each network around the world routes toward the announcement that is closest to it. There is no central director making the choice; the routing system itself naturally steers each user to a near instance.

Anycast is the workhorse behind two of the internet's most performance-sensitive services: authoritative and recursive DNS, and content delivery networks. The root DNS servers are anycast, which is how a small number of named servers can answer queries from the entire planet with low latency and survive the loss of individual sites. Large public DNS resolvers built around memorable addresses are anycast deployments spanning hundreds of locations. CDNs anycast the addresses of their edge to pull each request to a nearby point of presence, cutting round-trip time and absorbing load close to users.

The benefits are latency, scale, and resilience. Latency drops because traffic travels to a near site rather than a distant origin. Scale improves because load spreads naturally across all the announcing sites instead of concentrating on one. Resilience improves because if a site goes offline its announcement simply withdraws and the routing system reconverges users onto the remaining sites — which is also why anycast is a foundational defense against distributed denial-of-service attacks, since attack traffic is dispersed across the whole footprint instead of overwhelming a single target.

Anycast also leaves recognizable fingerprints, and inferring whether an address is anycast is a genuine analytical task. Several signals point toward it: the announced prefix tends to be a routing block large enough to share globally rather than a tiny allocation; reverse DNS for the address is often absent or generic because many physical hosts share the address from different locations; and the announcing Autonomous System is usually richly peered, connecting to a large number of other networks, because broad peering is what makes nearby-instance routing work everywhere. No single signal is conclusive, but together they let a directory make a reasoned judgment.

There are trade-offs and edge cases. Long-lived stateful connections can be disrupted if routing shifts a user from one site to another mid-session, so anycast is most natural for short, stateless interactions like a DNS query or an HTTP request. Operators mitigate session-stickiness concerns with careful prefix design and session handling. Anycast can also interact with routing anomalies: depending on how an operator structures its Autonomous Systems, an anycast prefix may appear with multiple origins, which a naive monitor might flag as a Multi-Origin AS event even though it is entirely intentional.

Whisper Canon evaluates anycast as part of its IP analysis. For an individual address, the directory weighs the size of the announced prefix, the presence or absence of reverse DNS, and the peering breadth of the announcing ASN to indicate whether the address is likely operating as an anycast service. From there an analyst can pivot to the announcing ASN and the containing prefix to see the routing footprint behind the address — turning the abstract idea of "one address, many places" into concrete, inspectable infrastructure.

Examples in Whisper Canon

Concrete pages in the directory that illustrate Anycast.

• AS13335 — Cloudflare (anycast operator)
• AS15169 — Google
• Browse notable IP addresses
• Browse announced IP prefixes

Related terms

• Border Gateway Protocol (BGP)
• Autonomous System Number (ASN)
• IP Geolocation
• CIDR (Classless Inter-Domain Routing)

Explore Whisper Canon

• All glossary terms
• ASN · AS15169 (Google)
• Live MOAS conflicts feed