In my last post, I came up with a solution to run anycast DNS locally within a LAN. This post extends that concept to provide anycast DNS across a WAN using BGP on Windows Server 2012 R2. I didn't personally try it on non-R2 versions, as the author of the PowerShell script said it only worked on R2. The configuration was simple and straightforward and took only a few minutes.
As with the other approach, the first prerequisite is to add the Routing and Remote Access role within Windows Server. Again, the only option I had to turn on when I enabled Routing and Remote Access was the "Custom / LAN routing" option.
After enabling the feature, it was necessary to edit the properties of the server and turn on "IPv4 remote access server" as shown below; the BGP PowerShell script would not run without it. The second thing I had to enable was IPv4 forwarding on the IPv4 tab.
At this time, BGP can only be configured in Windows Server using a PowerShell script; there is no UI option for it that I could find within the Routing and Remote Access management tool. The PowerShell script I used is available for download here. The script comes with a relatively decent manual; however, I noticed the script's numbered menu options were out of order, so the 'remove route' choice was not necessarily the menu dialog for removing a route. You'll have to test it and learn the options on your own.
The script is also not digitally signed, so you have to allow execution of unsigned scripts.
The basic configuration was straightforward: you initially set a BGP ID (the server's peering interface) and an ASN. Contrary to the screenshot below, I did not need to enable the 'Default Gateway Routing' option, as I wasn't configuring default routes.
You then configure a BGP peer, which in my case was my network's gateway router. An example is below:
The final step on Windows Server 2012 R2 was to configure the prefixes to announce using the 'Add Route' option in the PowerShell script. I simply did not provide an interface list and just used a prefix list.
> Interface List (comma separated list):
> Prefix List (comma separated list): 220.127.116.11/32
Applying BGP Custom Route settings …
As I had already configured basic BGP on my SRX, the peer came up and the routes were announced almost instantly.
I will note a few things:
1) There was no option for BGP session security such as TCP MD5 authentication.
2) I tried the 'Ethernet list' option just for testing and saw some unusual routes announced (a /32 for my broadcast address, if I recall correctly), so I would use this capability with caution.
The default behavior following the SRX config guide above was for the SRX to export no routes and import every route, so I chose not to perform any additional import/export configuration on the SRX. As you can see below, Windows only announced the prefixes that I specified.
After performing some reboots to test the delay between the route announcement or withdrawal and the start/stop time of the DNS server, I found that the resulting service loss was not quite as small as with JunOS RPM. So, if performing routine maintenance, it would be best to proactively disable and re-enable the Routing and Remote Access service rather than rely on the session timing out.
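As an added example that is not the post's script or its output, here are the same three steps (BGP ID and ASN, one peer, one announced prefix) plus the maintenance sequence above, written directly against the RRAS BGP cmdlets that the RemoteAccess module provides on Windows Server 2012 R2. The addresses, ASNs and peer name are constructed placeholders, and the cmdlet parameters shown are as I recall them, not taken from the post, so verify them with Get-Help on your own server.

```powershell
# Added example, not the post's script. Cmdlets assumed from the RemoteAccess
# module on Windows Server 2012 R2; all values below are constructed placeholders.
$LocalIP    = '10.0.0.28'       # the server's peering interface (its BGP ID)
$LocalASN   = 65010
$PeerIP     = '10.0.0.1'        # the LAN gateway router (the SRX in the post)
$PeerASN    = 65010             # same ASN: iBGP, consistent with the empty AS path in the post's output
$AnycastDNS = '192.0.2.53/32'   # the anycast service address, as a prefix, not an interface

Import-Module RemoteAccess

# 1) BGP identifier and local ASN. Default-gateway routing is left off, as in the post.
Add-BgpRouter -BgpIdentifier $LocalIP -LocalASN $LocalASN

# 2) The single peer. MaxAllowedPrefix (assumed parameter) caps how many prefixes
#    we will accept from it, so a misconfigured peer cannot flood the host's table.
Add-BgpPeer -Name 'gateway' -LocalIPAddress $LocalIP -PeerIPAddress $PeerIP `
            -PeerASN $PeerASN -MaxAllowedPrefix 50

# 3) Announce only the anycast /32 via a prefix (network) list. Using an interface
#    list instead is what produced the stray broadcast-address route in the post.
Add-BgpCustomRoute -Network $AnycastDNS

# Check the session state and, more importantly, exactly what is being advertised
# before trusting the anycast path. (-Type Advertised is assumed to be accepted.)
Get-BgpPeer | Format-Table Name, PeerIPAddress, ConnectivityStatus
Get-BgpRouteInformation -Type Advertised | Format-Table Network, NextHop

# Planned DNS maintenance: withdraw the route first by stopping RRAS, so the
# router fails over to the other anycast server before this DNS instance stops.
function Invoke-DnsMaintenance {
    Stop-Service RemoteAccess      # BGP session drops, peer withdraws our /32
    Start-Sleep -Seconds 5         # give the router time to converge
    Restart-Service DNS            # do the actual maintenance while out of the path
    Start-Service RemoteAccess     # session re-forms and the /32 is re-announced
}
```

Run Get-BgpRouteInformation again after Start-Service to confirm the /32 is back before considering the server in service.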
I now have two equal cost paths to my anycast DNS server addresses!
18.104.22.168/32 *[BGP/170] 21:10:07, localpref 100
AS path: I
> to 10.0.0.28 via vlan.0
[BGP/170] 21:07:59, localpref 100
AS path: I
> to 10.0.0.29 via vlan.0