Failover Without DNS Latency: BGP Anycast for Critical Infrastructure Platforms

In traditional high availability scenarios, DNS (Domain Name System) is the standard tool for failover. If location A fails, the DNS entry is redirected to the IP of location B. However, in the critical infrastructure world, especially in the control of electricity or gas networks, this approach encounters three critical limitations:

1. TTL Delay: DNS entries are cached worldwide. Even with a low “Time to Live” (TTL), it takes minutes to hours for every client to adopt the new IP.
2. Strict IP Requirements: Many network operators use rigid firewall rules or VPN tunnels programmed to a fixed IP address. Changing the IP at the destination requires coordinated manual work with dozens of customers simultaneously.
3. Client Behavior: Some SCADA systems or IoT gateways permanently cache IP addresses (“Sticky DNS”) and only notice a change after a manual restart.

The solution to this problem is BGP Anycast. Here, the switch from the application level is moved directly to the foundation of the internet: routing.

1. The Principle: One IP, Many Locations

With Anycast, the same IP address is simultaneously “announced” from two or more geographically separated data centers into the internet. The Border Gateway Protocol (BGP) ensures that traffic always takes the shortest path to the nearest healthy location.

• Normal Operation: A user in northern Germany is automatically directed to the data center in Berlin, a user in the south to Frankfurt - both using the same IP.
• The Failover Moment: If the Frankfurt location completely fails (e.g., due to a fiber cut), the system immediately withdraws the BGP announcement for this location.
• The Reaction: Within seconds, global routing “realizes” that Frankfurt is no longer reachable. All traffic automatically flows to the remaining location in Berlin - without changing the IP address and without touching a DNS entry.

2. RTO Under 30 Seconds: Switching at the Network Level

In our critical infrastructure project, the target was a recovery time (RTO) of under 60 seconds. This was impossible to guarantee with DNS-based solutions. By using Anycast, we achieved a switch time of under 30 seconds in tests.

The key advantage: For the customer’s end devices (the network control gateways), it merely appears as a brief network disruption (“Flapping”). Once the route is recalculated via BGP, communication continues over the same VPN tunnel and firewall rule to the new location.

3. Bring-Your-Own-IP (BYOIP) as a Strategic Anchor

For critical infrastructure operators, independence from the provider is essential. With BYOIP, the customer can bring their own IP address space.

• Provider Independence: You are not tied to the IP ranges of a specific data center operator.
• Migration Security: If the platform moves to another provider in the future, the IP addresses remain the same. Customers never have to reconfigure their gateways.

Conclusion: Failover as an Invisible Network Function

By combining BGP Anycast with a multi-region platform, a disaster becomes purely a technical event that requires no human coordination. The platform never “disappears” from the network but merely changes its physical location in the background. This is the technological foundation to not only promise but also deliver the strict availability guarantees in the critical infrastructure environment in case of an emergency.

FAQ

Does Anycast require special hardware at the customer’s site? No. The complexity lies entirely on the platform operator’s side and its peering partners. The customer uses the IP address like any other address on the internet or in the dedicated wide area network.

How is it prevented that traffic “flaps” between regions? Through clever BGP tuning (e.g., AS-Path Prepending), a “preferred” route is defined. This keeps the traffic stable at one location as long as it is healthy and only switches in the event of a real failure.

Does Anycast work with VPN tunnels? Yes, but it requires clean configuration of the tunnel endpoints (termination). In high availability environments, we often use redundant tunnel architectures that harmonize with Anycast routing.

Is Anycast more expensive than classic load balancing? Operating costs are higher because closer collaboration with network carriers and usually owning IP space (AS number) is needed. For critical infrastructure systems, however, this is often the only way to achieve the required RTO times.

How does ayedo support the implementation of Anycast? We take over the network architecture planning, assist with applying for IP prefixes (RIPE), and configure the BGP interfaces between your Kubernetes clusters and the upstream providers.