Per-Entity Metadata Working Group

[Scott Koranda <>]

Hi Thomas,

> I guess CDNs in combination with IP Anycast could be a suitable approach.
> The single IP Anycast address should avoid the issues with for Java and
> libcurl Scott brought up.

Scott Cantor asked Brent Putman to look in detail at the Java
situation. You can see his detailed reply at

http://marc.info/?l=shibboleth-dev&m=147639642710536&w=2

In short it appears that Java "does the right thing".

We also have "hints" that libcurl "does the right thing". See
for example this code in GitHub:

https://github.com/curl/curl/blob/master/lib/connect.c#L1156

More research and testing with libcurl would be helpful if
anyone has time.

Having written all that...

> A quick Google search provided the following three CDNs that offer IP
> Anycast:
>   https://blog.cloudflare.com/a-brief-anycast-primer/
>   https://www.maxcdn.com/blog/anycast-ip-routing-used-maxcdn/
>   https://www.keycdn.com/support/anycast/
> 
> What do you think about this approach?

I think anycast CDNs should also be considered.

LIGO has some limited experience with anycasting. We didn't
investigate CDNs using anycasting but we did set up a test/dev
tier of IdPs with anycasting to test an approach to "global
HA".

It looked like it would work well for us but then the people
with the knowledge left the project so the approach has been
put on hold for the time being.

Thanks,

Scott K for LIGO