Listen — an AI-generated two-host deep dive on this piece. The transcript is karaoke-synced; tap any line to jump there.
Show synced transcript (two hosts, A / B)
Speakers auto-attributed by turn; the timing is exact, the A/B labels are approximate.
AWell, you operate under a fundamental assumption, it is a heuristic you have likely never articulated out loud, yet it governs every single diagnostic decision you make regarding network infrastructure.
BOh, absolutely. I mean, I guarantee that's exactly how you listening, visualize it too.
AYou believe, quite simply, that a single IP address must physically reside in only one location. You treat an IP address like the exact coordinates of a house on a street.
BRight, because, you know, that is how we are taught from day one. If I open a terminal and ping an IP address, my brain immediately pictures a very specific physical piece of silicon.
AYes, sitting in a specific rack. Exactly. In a specific data center somewhere, it is incredibly comforting. It's like the foundational bedrock of how we think the internet works. One address, one physical destination.
BPrecision is required here because that comfort is built entirely on a functional illusion.
AA very persistent illusion, yeah. Indeed. So today's source material is a highly illuminating article by Ian McCutcheon, titled "A Stitch in Time, Anycast Workshop", and our primary mission for this deep dive is to, well, surgically correct this deeply ingrained, fundamentally flawed assumption in your mental map of network routing.
BYes. We are going to dismantle the idea that our route lives in one place. And honestly, prepare to have your mind completely blown by this. This concept is going to completely shatter how you view internet infrastructure.
ARight. And more importantly, how you design your own networks.
BIt is a significant paradigm shift. It totally is. It's one of those things where once you see the mechanics behind it, you can never unsee it. Your entire mental map is going to get a massive upgrade today.
ALet us begin with a systematic examination of the empirical data to demonstrate this geographic anomaly.
BOkay. Lay out the data.
AConsider a standard single-homed server located in a single data center in Virginia. If we execute a trace route from a machine in Singapore to that specific Virginia server, we can track the latency packet by packet.
BA long trip.
AVery. It takes roughly 233 milliseconds for the packet to arrive. We can literally read the router host names along the path like a boarding pass stub.
BOh, I love doing that. You see Tokyo, then LA.
APrecisely. Tokyo at 75 milliseconds, Los Angeles at 185 milliseconds, finally arriving in Ashburn, Virginia at 231 milliseconds. The packet demonstrably crosses the Pacific Ocean and the North American continent.
BWhich, you know, makes perfect sense. It's a massive physical distance from Singapore to Virginia. The data has to physically travel through fiber optic cables sitting at the bottom of the ocean and the speed of light and glass has a hard limit.
ACorrect. The physics are undeniable. And if we execute a trace route to that exact same Virginia server from a machine in London, it takes 77 milliseconds.
BRight.
AThe path goes from London to Newark to Ashburn across the Atlantic Ocean. This reinforces the routing reality you currently accept a packet has a single destination and reaching it incurs a latency cost directly proportional to physical distance.
BYeah, you pay for the distance you travel. Simple enough.
ANow observe the behavior of the IP address 1.1.1.1.
BOkay, Cloudflare's DNS.
AYes. When we ping 1.1.1.1 from Singapore, the response time is a mere 1.4 milliseconds.
BWait 1.4?
AYes. And when we ping that exact same IP address 1.1.1.1 from London, the response time is 0.9 milliseconds.
BOh, wow.
AA 200-fold difference compared to our Virginia server. Furthermore, the trace route reveals an even more fascinating detail. The packet originating in Singapore never actually leaves the city.
BIn the city of Singapore?
AYou're kidding.
BI am not and the packet originating in London never leaves London.
AOkay, wait. Let's pause right there. If the server is in one place and I'm pinging it from two opposite sides of the planet, getting sub two millisecond response times in both locations just defies physics.
BIt appears to, yes.
AUnless these packets are somehow traveling faster than light, what is happening? Wait, are they using copies that magically sync or is this a longest prefix match trick?
BExplain your hypothesis.
AWell, normally a router obeys specificity, right? If a router has two paths in its table, say, a broad slash 24 subnet and a highly specific slash 25 subnet, the slash 25 wins because it's a smaller, more precise target.
BThat is standard routing logic, yes.
ASo is Cloudflare just injecting hyperspecific routes in local regions to override a global route?
BWell, a perfectly reasoned hypothesis based on standard routing behavior, but incorrect in this instance.
AOh, man, really specificity is not doing the work here.
BThere is no slash 25 beating a slash 24.
ACloudflare is advertising the exact same slash 24 prefix one dot one dot one dot zero slash 24 from more than 300 different cities simultaneously 300.
BYes, there are 300 separate geographic origins for one single route 300 physical locations, all raising their hands to the global routing table and saying, Hey, I am one dot one dot one dot one, all at the exact same time.
AIndeed, that sounds like it should create a massive collision.
BThat is the illusion of the single destination.
AThis is where your mental map must adjust.
BWhen a router in Singapore receives a packet destined for one dot one dot one dot one, it simply consults its border gateway protocol or BGP routing table for the lowest cost shortest path.
ARight, because Cloudflare is advertising the route from a data center physically located in Singapore.
BThe router chooses that path. It is merely a few hops away and the router in London does the exact same calculation independently and finds a path that stays within London.
ABGP is doing exactly what it was engineered to do routing based on cost and distance.
BOh, wow. So the router in Singapore doesn't care and probably doesn't even know that there are 299 other locations claiming the exact same address.
AIt is entirely ignorant of them. Yes. It just looks at its table, sees a route that is two milliseconds away and say, Yep, that's the cheapest path. I'm handing the packet off.
BIt's entirely oblivious to the global redundancy.
APrecisely in standard enterprise networking, you are conditioned to think regionally.
BHopcount is treated as basic plumbing within a confined finite shape.
ARight, point a point B. But when you scatter 300 origins for one exact prefix across the entire globe, Hopcount stops being basic plumbing.
BIt becomes a literal geographic map. A geographic map. I love that analogy.
AEvery router on Earth simply hands the packet to the nearest origin because it is the cheapest route cost equals distance. The nearest copy wins.
BThat, strictly speaking, is the fundamental definition of anycast.
AThat is absolutely fascinating. And I can see why the latency is basically zero, but I can already hear the objection from anyone listening who manages a corporate network.
BOh, yeah, people usually file anycast away under the category of hyperscaler magic.
ALike, sure, Cloudflare can do that because they have a billion dollar budget in their own global backbone.
BCommon misconception. Right. Or sure, that's how the DNS root servers at eight dot eight dot eight or nine dot nine dot nine dot nine work.
ABut if I am just a network engineer running a standard enterprise environment, I don't have hyperscaler money. Does this actually apply to my work?
BIt applies profoundly. This is the most crucial practical application of the knowledge within McCutcheon's article.
AOh, really? Anycast is perfectly executable within a private enterprise network using standard RFC 1918 space.
BWait, just regular private IPs. Exactly. That is the private IP space you already own and control your 10 dot networks. You're 192 dot networks.
AYou do not need to be a global hyperscaler to leverage the fundamental geometry of the network.
BReally? You can just build this internally. I'm guessing it just requires your internal routers to act the same way the Internet backbone does.
AIndeed. The fundamental recipe requires merely a single IP address and two or more origins.
BOkay, walk me through it. Let us examine a precise enterprise application. Imagine standing up an internal DNS resolver.
AYou need a highly available IP for your client machines to query. You assign it the IP address 10 dot 10 dot 10 dot 53.
BOh, wait, I have to jump in here using 10 dot 10 dot 10 dot 53 for DNS server is brilliant because DNS operates on UDP port 53.
AExactly. It is a deliberate and highly efficient choice.
BI love that. By integrating the required port number into the IP address itself, network engineers never have to consult documentation or a wiki to remember what service that IP provides.
AThe function of the address is permanently embedded in the identifier. It's so incredibly clean. You see the dot 53 and your brain immediately registers DNS.
BOh, okay. So we have our internal DNS designated at 10 dot 10 dot 53. What is the next step to make it anycast?
AYou configure your network to advertise that exact same address 10 dot 10 dot 10 dot 53 from a router in every single one of your data centers.
BOkay. Now every client device across your entire corporate network points its DNS configuration to that one single private IP.
AWhen a laptop in your New York office queries 10 dot 10 dot 10 dot 53, the network naturally routes the packet to the New York data center because it's closest.
BYes. And when a server in Tokyo queries, the exact same IP, the network routes it to the Tokyo data center because the corporate network is just following the shortest path on your internal routing map.
AThe exact same way BGP did it globally. The traffic naturally falls into the closest bucket.
BCorrect. And this becomes exceptionally powerful for services that strictly mandate an IP address configuration rather than a host name.
ALike what? Consider logging infrastructure like syslog or timing protocols like NTP.
BIn modern networks, we frequently discuss global server load balancing or GSLB for steering traffic to the nearest healthy site.
ARight. GSLB is the standard playbook. You have a DNS name like logs dash.company.com and if the East Coast data center goes down, the GSLB dynamically updates DNS to point that host name to the West Coast IP address.
BThat is the standard playbook. Yes. But it has a fatal flaw for specific infrastructure.
AGSLB relies entirely on DNS resolution. When you configure a core network switch or a firewall to forward its syslog data, the configuration field almost always requires a raw IP address.
BIt will not accept a fully qualified domain name. It cannot perform a DNS lookup, which is a massive operational pain.
ABecause if that single syslog collector dies, DNS can't save you. You literally have to SSH into hundreds of core switches and manually update the IP address to point to the backup server.
BYes. Manual intervention. During an outage, that is the last thing you want to be doing.
AExactly. It is highly inefficient operational burden. But if you make your syslog collector's IP in anycast address advertising the same raw IP from multiple data centers, every router in your fleet ships its logs to one single unchanging address.
BOh, that is so smart. The underlying network geometry automatically ensures the packets land at the nearest healthy collector. Zero client reconfiguration is required during a site failure. The IP simply moves.
AOkay. I am totally tracking with the benefits here. But let's talk about the elephant in the room. Any network engineer listening right now is having their alarm bells go off regarding asymmetric routing.
BAh, yes. The inevitable panic. Right. If you're advertising the same IP from two places, what happens when an internal routing path recalculates or flaps mid session?
AThe traffic suddenly lands at the alternative data center and the stateful firewall sitting in front of that backup data center has never seen the initial TCP SYN packet.
BIt has no idea what this connection is. So it just drops the packet cold as a security violation. Panic ensues.
AWell, that panic is an entirely emotional reaction to a mathematical reality that in many cases does not apply.
BEmotional. All come on. It is. We must dismiss this objection by strictly separating a layer three network phenomenon from a layer four application reality.
AA layer three objection to a layer four reality. Okay. That's a sharp way to phrase it. Walk me through that distinction.
BLook at the specific protocols we have been discussing. This log is transported over UDP. Network time protocol or NTP is UDP DNS queries are predominantly UDP.
AThese are by definition, stateless protocols. Right. There is no TCP handshake. There is no SYN, SYN-ACK, ACK.
BPrecisely. There is no session state to break. A UDP transmission is just a stream of independent datagrams.
AIf a routing path shifts dynamically in the middle of a transmission, the next datagrams simply lands at the alternative site.
BAnd the server doesn't care. The receiving syslog collector does not care that it did not see the previous datagrams.
AThe firewall does not need to maintain a complex state table. There is absolutely no downside for stateless services.
BFor UDP, anycast is a structurally perfect solution. Okay. Stateless makes total sense. UDP over anycast is a home run.
ABut what about TCP? What if I am running a stateful application? Surely that breaks the second the route flaps, right?
BOnce again, we must rely on data rather than anxiety. Even stateful TCP connections ride. Anycast perfectly fine provided you understand the environment.
AWait, really? Yes. The TCP session only breaks if the path physically moves underneath it midstream.
BThe hyperscalers operating on the public internet have to perform incredibly complex engineering feats to maintain state across anycast,
Abecause public internet routes are highly volatile. They flap constantly. Right. But our internal enterprise networks aren't the chaotic public internet.
BExactly. In a properly designed stable enterprise core network, routes do not randomly flap for no reason. The topology is controlled.
AThat's true. If a path changes, it is almost always because a physical failure occurred, or a planned maintenance failover was executed.
BIn those scenarios, the original destination is gone anyway. Oh, right. The server is dead anyway.
AExactly. The TCP sessions are going to reset regardless. And resetting and reestablishing the connection to the new, healthy site is exactly the desired behavior.
BInside a stable enterprise, anycast for stateful services is fundamentally sound.
AThat is a huge paradigm shift. We've been so conditioned to be terrified of asymmetric routing issues that we avoid anycast entirely for internal infrastructure.
BBut you're saying the internal network is stable enough that the boogeyman just isn't real.
AIt is an exaggerated fear that prevents elegant design. However, there is one critical architectural requirement we must address to make this functional.
BOkay. What's the catch? If you simply advertise an IP from two data centers using basic static routes, you introduce a severe systemic risk to your environment.
AI was actually just thinking about this. Let's map this out. Let's say I can figure my core routers to advertise my syslog IP from both my East Coast and West Coast data centers using static routes.
BA dangerous proposition. Right. Because what happens if the physical server hosting the syslog collector on the East Coast completely crashes, but the router in front of it is still powered on?
ADoesn't the network just keep blindly sending traffic straight into a dead end because geographically it's still technically the nearest advertised route?
BYes. You have essentially built a highly efficient mechanism for discarding your own data.
AYes. Utilizing static routes for anycast is a critical error. A static route is a rigid, unyielding promise to the network that a condition will be true forever.
BWhich is never true in IT. Never. If you configure a static route, the router will happily continue advertising that path to the rest of the company regardless of the application's actual health.
AAs McCutcheon astutely notes in the workshop material, if you do this, you did not build redundancy. You simply built a faster way to lose your logs. It will politely hold the door open for traffic long after the data center is on fire.
BWhich completely defeats the purpose. We want the redundancy to be intelligent. We want the route to know when to quit and get out of the way. So how do we fix that? What is the missing mechanism?
AThe solution is what the author terms the second stitch of anycast design. Is a mechanism known as route health injection, or RHI.
BRoute health injection to get breakdown the mechanics of how that works in a real deployment.
AInstead of pointing a static route directly at a server, you place your anycast IP, often referred to as a virtual IP, or VIP behind a load balancer at each site.
BOkay, a load balancer. This is crucial because a load balancer is explicitly designed to monitor the layer 4 and layer 7 health of the underlying services it manages.
AWith route health injection, the load balancer is configured to dynamically inject the route into your core routing protocol, such as OSPF or BGP, but only while the service is actively passing health checks.
BOh, I see the architecture now. The load balancer acts as a like a real time translator between the application's actual health and the network's routing table.
APrecisely, if the syslog service at the East Coast site crashes, the load balancer detects the failure within milliseconds. Because of the route health injection protocol, the load balancer immediately withdraws the route advertisement from the local router.
BWow, so the dead site literally removes itself from the map. It ceases to exist routing-wise.
AThe local router stops advertising the anycast IP to the rest of the company, which means the surrounding network instantly recalculates, realizes the West Coast data center is now the only valid path to that IP, and seamlessly redirects all the traffic across the country.
BYes. And the moment the East Coast server reboots and passes its health check, the load balancer injects the route back in and traffic naturally flows back to the closest point.
AYou have correctly deduced the entire lifecycle. If we synthesize these mechanisms, what is the net result?
BIt's beautiful, is what it is. And anycast prefix combined with route health injection ensures nearest and alive redundancy.
AIt provides automated failover for free, leveraging the native protocols of the network, and just as importantly, it requires zero cross-functional friction.
BRight, because you don't need to involve the server team.
AYou do not need to force your syslog administrators or your DNS teams to learn the intricacies of BGP routing.
BThat is the true beauty of this design. The application teams just get the one single highly available IP address that they wanted in the first place.
AThe load balancer and the network layer handle all the heavy lifting of making sure that IP always points to a living breathing server.
BIt completely decouples the complexity.
AIt abstracts the complexity entirely into the network layer where the mechanisms to handle distance and availability already natively exist.
BI have to say, looking at it through this lens, anycast is an absolute revelation for enterprise network design.
AIt is remarkably efficient. We spend so much time building complex clustering software, configuring heartbeat links across data centers, and wrestling with VRRP setups
Bwhen we could just be using the fundamental geometry of the network to do the exact same thing, but cleaner.
AAnycast isn't just a party trick for hyperscalers. It's an elegant, clean solution that every enterprise engineers should be using to make their infrastructure more resilient.
BI am overwhelmingly positive about applying this.
AA sound and well-supported conclusion. To summarize the core thesis of our deep dive today, your mental map must evolve.
BA route does not have to live in one fixed location.
ANo.
BFurthermore, a route that does not know when to withdraw itself is not true redundancy.
ASame prefix, many origins, nearest healthy one wins.
BIt's just brilliant in its simplicity.
AIt is structurally sound, and while before we conclude our analysis, I will leave you listening with one final, provocative thought to process regarding the future of this architecture.
BOkay. What do you have?
AWe have thoroughly discussed how anycast allows us to seamlessly abstract geographic failure at the network routing layer for data streams like syslog and DNS.
BBut consider the trajectory of our industry. If we can abstract data destinations so cleanly, what other traditionally fixed IT assets might we eventually abstract purely through network layer geometry?
AOh, that's an interesting angle. Like what specifically? Imagine edge compute instances or highly specialized, incredibly expensive AI inference nodes.
BOkay.
AWhat if, instead of relying on heavy, complex application layer load balancing software to find an available GPU for an AI workload, we simply request inference from a single anycast IP?
BWait.
AThe network routing layer utilizing route health injection based not just on up or down status, but on GPU utilization metrics automatically routes your request to the nearest idle compute node bypassing the application layer entirely.
BOh my gosh, network native AI load balancing using BGP to find an available GPU.
AThat is wild to think about, but it makes total sense based on everything we discovered.
BIt is merely the mathematical extension of the principles we have discussed. Your previous mental map was flawed because you believed an x-ray of your network showed a single physical destination for every IP address.
ARight.
BBut as we've proven today, that x-ray machine was broken. The map is not a set of fixed points on a board. It is a fluid geometry of cost, distance, and health. Adjust your map accordingly.
Every engineer carries a map of how things work. You didn't sit down and draw it. It assembled itself over years — every outage, every config, every 2 a.m. fix laid down another road, until the map got so familiar you stopped seeing it as a map at all. It's just how the world is.
Most of it is right. But here and there, baked in so early you never thought to question it, sits an assumption that isn't — and because everything around it works, the wrong part never gets caught. It just sits there, quietly deciding what you think is possible.
A stitch is how you fix one of those without tearing up the map.
If you've ever live-patched a running kernel, you know the feeling already: you don't reboot the machine, you don't rebuild everything it knows. You reach in, change one thing while it's still serving traffic, and the system keeps going — a little more correct than it was a second ago. A stitch does that to the map in your head. Not a lecture. Not a re-education. One assumption, swapped in place, and everything downstream quietly re-tensions around the new thread.
These are short by design. Most are a single stitch; a few are two. You should walk away a few minutes later having relearned nothing, and seeing one thing you can't unsee.
This one's about routing. You know routing — that's the whole point. So let me find the thread.
The assumption, the one you've never said out loud because it has never once failed you: a route lives in one place.
The patch: what if the same route were advertised from more than one router?
Don't take it on faith. Watch it.
Here's a traceroute to 1.1.1.1 from a box in Singapore:
1 0.6 ms gateway (Singapore)
2 0.6 ms ae-1.br01.sin-01.sg.leaseweb.net
3 1.3 ms be-1001.br02.sin-10.sg.leaseweb.net
5 0.9 ms 13335.sgw.equinix.com ← Equinix, Singapore
7 1.4 ms one.one.one.one (1.1.1.1)
Seven hops, every one inside Singapore. The packet never left the city.
Now the exact same IP, from London:
1 0.3 ms gateway (London)
8 1.0 ms be103.lon-thw-sbb1-nc5.uk.eu ← London
12 0.8 ms 141.101.71.47
13 0.9 ms one.one.one.one (1.1.1.1)
Also local. Lands in London. Same address — 1.1.1.1 — and from Singapore the path stays in Singapore, from London it stays in London. Two packets bound for the identical IP, and neither crosses an ocean to reach it.
Hold onto that, because it should bother you. Here's what a route to one place actually looks like.
This blog runs on a single box, in one DreamHost datacenter in Virginia. One home. Singapore reaching it:
6 1.4 ms ...sngpsi07.sg.bb.gin.ntt.net ← Singapore
7 74.7 ms ...tokyjp05.jp.bb.gin.ntt.net ← Tokyo
8 185.5 ms ...lsanca07.us.bb.gin.ntt.net ← Los Angeles
9 231.5 ms ...asbnva02.us.bb.gin.ntt.net ← Ashburn, Virginia
13 239.6 ms dreamhost.com (208.113.156.222)
Read the hostnames like a boarding-pass stub. Singapore. Tokyo, 75 milliseconds in. Los Angeles, 185. Ashburn, 231. You can watch the packet cross the Pacific and the whole continent. That's a route to one place. It costs what the distance costs.
From London, same box:
8 1.1 ms be103.lon-drch-sbb1-nc5.uk.eu ← London
11 76.9 ms ae1.cr1.lhr15.uk.eth.zayo.com ← London → out
13 75.1 ms ae4.cr1.ewr1.us.zip.zayo.com ← Newark
16 75.7 ms ae13.er2.iad93.us.zip.zayo.com ← Ashburn/DC
20 76.5 ms vps54543.dreamhostps.com ← Virginia
London, Newark, Ashburn — across the Atlantic and down to Virginia, 77 milliseconds. Different path, same single box.
That's normal. That's the routing you know: a packet has somewhere to be, and getting there takes as long as the distance demands.
Now set the two side by side. My server in Virginia: 233 ms from Singapore, 77 ms from London. 1.1.1.1: 1.4 ms from Singapore, 0.9 ms from London. Same measurement. A two-hundred-fold difference.
Go check it before you read another word. Point a looking glass at 1.1.1.1 from a dozen cities — check-host.net does it in one click — and watch every city report single digits. Then aim the same tool at any normal single-homed server and watch the distance gradient snap right back. Come back when the numbers have annoyed you enough.
So how does an address answer in 1.4 ms from Singapore and 0.9 from London without breaking the speed of light?
Your first instinct — the honest engineer's instinct — is that it can't, and that advertising one prefix from two places must make a mess. Two origins for one route? Ambiguity. Loops. Something has to give.
Nothing gives. Here's the patch.
Cloudflare advertises 1.1.1.0/24 — that exact prefix — from more than three hundred cities at once. Not copies that sync. The same prefix, originated simultaneously, in hundreds of places. And BGP does what it has always done: every router picks the lowest-cost path to that prefix, independently, locally. The router in Singapore sees a path that's a few hops away, in Singapore. The router in London sees one a few hops away, in London. Each is just choosing the cheapest route it can see — and the cheapest route points at a different machine in each place.
Now I have to stop you, because there's a wrong explanation your brain will reach for. This is not a more-specific route. We're not talking longest-prefix-match, a /25 beating a /24. It is the same /24 everywhere. Specificity isn't doing the work. Cost is. Distance is. Whichever origin is fewer networks away wins, and "fewer networks away" gets decided fresh at every router, all over the planet, at the same time.
If you do enterprise work, this is the part that doesn't fit, and I think I know why. You think regionally. Your network has a shape, and that shape fits inside a country, maybe a region. "Closest route" inside that shape is almost an afterthought — everything's close. So zoom out. Put the whole earth on the table. Scatter three hundred origins for one prefix across it. Now "closest" means something. It means geography. Hop count stops being plumbing and becomes a map. Every router on earth holding a packet for 1.1.1.1 hands it to the nearest copy, because the nearest copy is the cheapest route, and that was the only rule the whole time.
Same prefix. Many origins. Nearest wins. That's anycast. The glass is cracked now — you can't put "one route, one place" back together.
This isn't a Cloudflare trick. It's how 8.8.8.8 works, and 9.9.9.9. It's how thirteen DNS root-server addresses are served by well over a thousand machines. It's how a CDN is always close to everyone. Nobody bent physics. They stopped assuming a route has one home.
And here's the part most engineers miss, because anycast got filed under "hyperscaler" and left there. You don't have to be Cloudflare. You don't even have to be public.
Everything you just watched 1.1.1.1 do, you can do on a network nobody outside will ever see — with an address out of RFC 1918, the private space you already own. Stand up an internal resolver and give it 10.10.10.53. (Dot-fifty-three — name it after the port it answers on, udp/53, and you'll never have to look up what it is.) Advertise that one address from a box in each datacenter. Now every device on your network points its DNS at a single private IP, 10.10.10.53, and each one quietly lands on the nearest resolver. Lose a datacenter and the address re-homes to the survivor — nobody re-types a thing. You just built your own 1.1.1.1, inside your own walls, for free.
That's the leap most people don't make. The trick was never about scale, and it was never about the public internet. It's about advertising one address from more than one place. A /24 and two origins, or a single private /32 and two routers — that's the whole recipe. The smallest version of this fits inside one enterprise.
And it isn't only for resolvers. Once you stop thinking of it as a DNS thing, you start seeing it everywhere you're forced to type an address and can't fall back on a name — where the field wants an IP, full stop. Your router's syslog destination. Your server's syslog config. That one. Internally we love to talk about global load balancing, GSLB, steering to the nearest healthy site — but GSLB is DNS. It answers a name with an address. When I point a router at a syslog collector, I don't get to give it a name and a health check. I give it an address, and that address had better be up.
Make that address anycast. Advertise your syslog collector's IP from both datacenters. Every router and every server ships logs to one single address, and each one's packets land at the nearest collector — no client config, no DNS, no GSLB. Lose a datacenter and the prefix simply stops being advertised from there; every device fails over to the surviving collector without noticing, because the address never changed. One IP, everywhere, nearest wins, failover for free.
Now, if you're any good, a reflex just fired: asymmetric routing and firewall state tables. Flip a BGP path mid-session and the flow lands at the other datacenter, where a stateful firewall that never saw the SYN drops it cold. You're right — and it doesn't matter here. Look at what we're carrying. Syslog is UDP. NTP is UDP. Stateless. There's no session to break; a path shifts, the next datagram lands at the other site, and the collector doesn't care it's never seen this sender. The objection lives at layer 3. The answer lives at layer 4. Site redundancy with no heartbeat link, no VRRP, no cluster — a prefix and two origins.
And don't over-learn that into "anycast is UDP-only." It isn't. Stateful TCP rides anycast fine — the question was never the protocol, it's how volatile your routes are. A TCP session only breaks if the path moves underneath it mid-stream, and in a stable network — which, if you're honest, is your core most of the time — paths don't wander for no reason. A planned failover resets sessions, sure, but that site just died; you wanted them reset. What bites you is routes that flap when nothing's wrong. That's why the hyperscalers do extra work at their scale and churn — and why inside your boringly stable enterprise, stateful anycast is just fine. Stateless services like syslog and NTP are simply the on-ramp: they don't even care if your routing's a mess.
NTP is the same shape with an asterisk — you'd point a device at a handful of time sources for sane tie-breaking anyway (I like five), so anycast NTP is a nice-to-have, not the revelation. Syslog is the revelation. Once you've seen it, you start finding the pattern everywhere a config field demands an address and won't take a name.
The second stitch: a route that knows when to quit
By now you've jumped ahead of me: fine — I advertise the collector's IP from both datacenters, done. Advertise it how? From what?
This is where the first stitch hands you a second one, because the obvious answer is a trap.
You got the traffic to go somewhere. You haven't said what happens when the somewhere is dead.
Anycast routes to the nearest origin. It has no idea whether the service behind that origin is alive. Advertise your syslog VIP from two sites with a pair of static routes, lose the collector at the nearest one, and congratulations — every device in that half of the world cheerfully ships its logs into a black hole, because the route is still there, still nearest, still pointing at a corpse. You didn't build redundancy. You built a faster way to lose logs.
The route has to be tied to the health of the thing behind it. And the device that already knows whether the service is healthy is the one already health-checking it: your load balancer.
This is a real feature with a real name — Route Health Injection. The load balancer already health-checking that VIP originates a route for it, into OSPF or BGP, only while it's healthy. Service up, route advertised. Service down, route withdrawn. Stand the same VIP up behind a load balancer at each site, let each one inject its route based on its own health, and anycast stops being a party trick and becomes production failover: traffic goes to the nearest healthy origin, and a dead site doesn't just stop being chosen — it removes itself from the map.
That's the complete pattern. The anycast prefix is the destination. Route Health Injection is what makes "nearest" mean "nearest and alive." One without the other is either a static black hole or a VIP nobody can reach.
And notice what you didn't have to do. You didn't make the syslog team learn BGP. You didn't make the NTP guys redesign a thing. The service sits behind the load balancer it was already going to sit behind; the load balancer and the network do the anycast. The new behavior lives exactly where the people who already own routing and health live. You're not handing three other teams a new problem — you're handing them the same VIP they already wanted, that now happens to exist in two places at once.
Here's the second stitch, and I'll be gentle: if your instinct was we just put static routes on the load balancers — zoom out again. A static route is a promise that something is true forever. In one datacenter with one pair of boxes, that promise mostly holds and you get away with it. Now picture the enterprise you actually work for: sites on three continents, a service that has to survive any one of them going dark at 3 a.m. with nobody awake. A static route can't withdraw itself. It will hold the door open for traffic long after the room's on fire. Health-injected routes are the difference between an anycast diagram on a whiteboard and an anycast service you'd let carry production.
So your next step isn't "go learn anycast." It's one sentence to your network team: can we health-inject this VIP from a second site? Everything else is a prefix and two origins.
That's the stitch
A small patch, then a second one — not surgery. But they're load-bearing, and now they're in.
A route doesn't have to live in one place. And a route that doesn't know when to quit isn't redundancy. Say both back to yourself and watch what re-settles: global load balancing, DDoS absorption, "how is Google always one millisecond away," the syslog design you're about to redraw on a whiteboard. All of it, the same handful of words.
Same prefix, many origins, nearest healthy one wins.
A stitch in time. Or, to be precise about it, a stitch against it.