Anycast Routing

Google's public DNS server has a single IP address: 8.8.8.8. Millions of people around the world send traffic to that same address every day. And yet, queries from Tokyo resolve in milliseconds, not the 200+ milliseconds it would take to cross the Pacific to a server in California.

The reason is anycast routing — a technique where a single IP address is simultaneously announced from multiple physical locations around the world, and the network itself routes each packet to the nearest one.

Unicast vs Anycast

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.

Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

algobase.dev

Unicast vs Anycast — with unicast, one IP maps to one server in one location. An EU user querying a US-hosted unicast server crosses the Atlantic every time (~180ms latency). With anycast, the same IP address (e.g. 8.8.8.8) is announced from dozens of locations simultaneously. BGP automatically routes each user to the nearest PoP. The EU user hits a European server, the US user hits a US server — both using the exact same destination IP.

1 / 10.5×1×2×3×Playground

Unicast vs Anycast — EU user crosses the ocean for unicast, hits local PoP via anycast

Standard internet routing is unicast: one IP address maps to exactly one physical machine in one specific location. If you send a packet to a unicast IP, every router along the path forwards it toward that one destination.

Anycast breaks this assumption. Multiple servers in different data centers all advertise the same IP address to the internet. Routers see multiple paths to the same destination and, using the Border Gateway Protocol (BGP), choose the shortest one. The result: a user in London reaches the London server, a user in Tokyo reaches the Tokyo server — both using the exact same destination IP without any DNS-level difference.

How BGP Makes It Work

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.

Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

algobase.dev

BGP routing selects the nearest PoP — Border Gateway Protocol is the routing protocol that powers the internet. Every anycast server announces the same IP to its local BGP peers. When your packet reaches an internet router, it consults its BGP routing table and forwards the packet toward the announced prefix with the fewest hops (shortest path). A London user reaches the London PoP in 2 hops; New York and Tokyo PoPs are farther and not selected. If the London PoP goes down, BGP withdraws its announcement and traffic reroutes to Frankfurt within seconds.

1 / 10.5×1×2×3×Playground

BGP routing — London user routed to London PoP in 2 hops, NY and Tokyo skipped

BGP is the routing protocol that runs the internet. Every major network (ISPs, cloud providers, CDNs) uses BGP to advertise which IP prefixes they can reach and over how many hops. When two BGP peers connect, they exchange routes: "I can reach 1.1.1.0/24 in 3 hops."

With anycast, Cloudflare's 1.1.1.1 servers in London, New York, Tokyo, and Sydney each advertise the same prefix (1.1.1.0/24) to their local BGP peers. The internet's routing tables then contain multiple paths to that prefix. Any given router will choose the path with the fewest hops — which, in practice, usually means the geographically closest PoP. If the London PoP goes offline, BGP withdraws its announcement and traffic reroutes to Frankfurt within seconds, without any DNS changes or operator intervention.

Why Anycast Is Used for DNS and CDNs

Anycast is particularly well-suited to two use cases: DNS resolution and CDN edge serving. Both benefit enormously from geographic proximity (DNS lookups need to be < 5ms to not impact page load; CDN cache hits need to be < 10ms) and both are stateless — each request is independent.

For DNS, every major public resolver uses anycast: Google (8.8.8.8), Cloudflare (1.1.1.1), OpenDNS (208.67.222.222). The global distribution means the query reaches a PoP within a few network hops from anywhere on earth.

For CDNs, anycast routes users to the nearest edge node that has cached their content. Cloudflare operates over 250 anycast PoPs globally. Fastly and Akamai work the same way.

DDoS Mitigation

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.

Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

algobase.dev

DDoS absorption — anycast naturally diffuses volumetric attacks. A 25M req/s DDoS attack from a globally distributed botnet gets split by geography: US bots hit the US PoP, EU bots hit the EU PoP, Asian bots hit the Asian PoP. Instead of one server facing 25M req/s, each PoP absorbs a fraction. This is why Cloudflare, which operates 250+ anycast PoPs globally, can absorb terabit-scale DDoS attacks that would instantly saturate any unicast target.

1 / 10.5×1×2×3×Playground

DDoS absorption — 25M req/s botnet split by geography across US, EU, and Asia PoPs

One major architectural benefit of anycast is passive DDoS absorption. A volumetric DDoS attack floods a target IP with traffic — the attacker's goal is to saturate the link capacity of a single destination.

With anycast, the same attack is physically split by geography. A botnet distributed across three continents that generates 30M requests per second will be routed by BGP to the nearest PoP: US bots hit the US PoP, EU bots hit the EU PoP, Asian bots hit the Asian PoP. Instead of 30M req/s hitting one server, each PoP absorbs a fraction. Cloudflare has used this to absorb terabit-scale DDoS attacks that would instantly saturate any single unicast target.

The Stateful Connection Problem

Anycast is not suited for stateful, long-lived connections. Internet routing is dynamic — BGP routes shift as links become congested or unavailable. Two packets sent from the same client to an anycast IP might technically be routed to different PoPs if a routing change occurs mid-stream.

For stateless protocols like UDP (which DNS uses) or short HTTP/1.1 requests, this is fine. For long-lived TCP connections — WebSocket sessions, large file uploads, database connections — a mid-stream PoP switch breaks the connection entirely. The kernel on each PoP maintains independent TCP state and has no knowledge of connections established on another PoP.

This is why CDNs use anycast only at the edge, then use unicast or dedicated tunnels to forward traffic back to origin servers. And it's why anycast is not used for general-purpose application servers.

Summary

Anycast assigns one IP address to servers in multiple locations simultaneously. BGP routes each packet to the nearest server, reducing latency and providing automatic geographic failover. It's the routing mechanism behind global DNS resolvers, CDN edge networks, and DDoS scrubbing infrastructure.

The constraint is statefulness: anycast works for UDP and short-lived TCP requests, but is inappropriate for connections that need to maintain state across multiple packets over time.