Anycast

A routing technique where multiple servers in different locations share the same IP address, and the internet's routing protocols automatically direct users to the nearest one.

What is anycast?

Anycast is a network addressing technique where the same IP address is advertised from multiple geographic locations, and the internet's Border Gateway Protocol (BGP) routes each user's packets to the nearest (by BGP distance) of those locations. The user doesn't know, and doesn't care, which physical server handled their request — they just see one address that happens to be very fast.

Contrast this with:

  • Unicast — one-to-one: each IP identifies exactly one host
  • Multicast — one-to-many: one sender, a group of identified receivers
  • Broadcast — one-to-all on a local network segment

Why anycast matters

Anycast is the backbone of modern internet infrastructure. Almost everything you rely on uses it somewhere:

  • Public DNS resolvers — 1.1.1.1 (Cloudflare), 8.8.8.8 (Google), 9.9.9.9 (Quad9) are all anycast. Each of those IPs represents hundreds of datacenters worldwide, and your query lands at the closest one
  • Root DNS servers — all 13 "root server letters" (A through M) are anycast, with hundreds of physical instances
  • CDNs — Cloudflare, Fastly, and Akamai use anycast for their edge network so requests land at the nearest POP
  • DDoS mitigation — an anycast network naturally absorbs DDoS traffic because the load spreads across every POP, instead of concentrating on one datacenter
  • Cloud load balancers — AWS Global Accelerator and Google Cloud Global Load Balancing use anycast to route users to the nearest region

How anycast works underneath

Every advertising location announces the same CIDR block into BGP from its own ASN. When another network wants to send traffic to any address in that block, BGP picks whichever of the advertising routes looks shortest according to its configured policy (typically AS path length, local preference, and MED).

One consequence: different users see different "nearest" instances. Two users asking 1.1.1.1 from different continents hit different datacenters. This is also why anycast doesn't work well for long-lived stateful connections — a BGP route change mid-connection can silently shift the destination server and break the TCP session. Anycast is used primarily for stateless protocols like DNS, or with careful session affinity for HTTP and TLS.

Frequently Asked Questions

How does anycast decide which instance is "nearest"?

"Nearest" is decided by BGP, not geography. Each router on the internet computes the shortest path to a prefix using its configured policy — typically AS path length, local preference, and MED. So "nearest" usually means "fewest network hops away" rather than "shortest physical distance". Most of the time those align, but a transcontinental cable with low AS hop count can win over a closer-but-poorly-connected POP. Operators tune their announcements to influence which POP wins for which user populations.

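The selection described in "How anycast works underneath" and in the answer above can be reproduced with a few lines of Python. The following is an added example, not code from the original page: it models three announcements of one anycast prefix as a European client's ISP would receive them, applies the first three steps of BGP best-path selection (LOCAL_PREF, AS_PATH length, MED), and then shows what happens on a withdrawal, when the ISP raises local preference, and when the anycast operator prepends its AS path. The POP names, AS numbers (private-use range) and distances are constructed sample values.

```python
"""BGP best-path selection for one anycast prefix, modelled in Python.

Added example, not code from the original page. POP names, AS numbers and
distances are constructed; the decision order is the standard one:
highest LOCAL_PREF, then shortest AS_PATH, then lowest MED.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Route:
    """One announcement of the same anycast prefix as seen by a receiving router."""
    pop: str                 # where the announcing instance physically sits
    as_path: tuple           # AS numbers traversed, nearest neighbour first, origin last
    local_pref: int = 100    # set by the receiving operator's policy; higher wins
    med: int = 0             # hint from the announcing neighbour; lower wins
    km_from_client: int = 0  # physical distance; deliberately NOT a BGP input


def bgp_key(route):
    """Sort key for the first three steps of best-path selection.
    (Real routers continue with origin type, eBGP/iBGP, IGP cost, router ID.)"""
    return (-route.local_pref, len(route.as_path), route.med)


def best_route(routes):
    """The announcement BGP installs, i.e. the POP this client will actually reach."""
    return min(routes, key=bgp_key)


def ranked(routes):
    """All announcements, best first: shows which POP takes over on a withdrawal."""
    return [r.pop for r in sorted(routes, key=bgp_key)]


def nearest_by_geography(routes):
    """What 'nearest' would mean if geography decided; for comparison only."""
    return min(routes, key=lambda r: r.km_from_client).pop


def prepend(route, copies):
    """AS-path prepending: the origin AS repeats its own number so the
    announcement looks longer. This is the operator-side lever for steering."""
    origin = route.as_path[-1]
    return replace(route, as_path=route.as_path + (origin,) * copies)


# Constructed announcements of one anycast prefix (origin AS 65000) as received
# by a client's ISP (AS 64500) in Europe.
ANNOUNCEMENTS = [
    Route("Frankfurt", as_path=(64500, 64501, 64502, 65000), km_from_client=300),
    Route("Ashburn", as_path=(64500, 65000), km_from_client=6500),
    Route("Singapore", as_path=(64500, 64503, 65000), km_from_client=10000),
]


def demo():
    """Walk through the situations the text describes and return the chosen POPs."""
    without_ashburn = [r for r in ANNOUNCEMENTS if r.pop != "Ashburn"]
    isp_prefers_peering = [replace(r, local_pref=200) if r.pop == "Frankfurt" else r
                           for r in ANNOUNCEMENTS]
    operator_prepends = [prepend(r, 3) if r.pop == "Ashburn" else r
                         for r in ANNOUNCEMENTS]
    return {
        "bgp": best_route(ANNOUNCEMENTS).pop,             # Ashburn: 2 hops beats 4
        "geography": nearest_by_geography(ANNOUNCEMENTS),  # Frankfurt: 300 km
        "after_withdrawal": best_route(without_ashburn).pop,    # Singapore: 3 hops beats 4
        "isp_local_pref": best_route(isp_prefers_peering).pop,  # Frankfurt: policy wins
        "operator_prepend": best_route(operator_prepends).pop,  # Singapore, not Frankfurt
    }


if __name__ == "__main__":
    for scenario, pop in demo().items():
        print(f"{scenario:>18}: {pop}")
```

The last scenario is the caveat worth noticing: prepending the Ashburn announcement three times does not send the European client to Frankfurt, because Singapore's path is still shorter than Frankfurt's. Steering by announcement tuning only works relative to every other path the receiving network sees.
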
Why is anycast used for DNS?

DNS is stateless — each query is independent and small enough to fit in one UDP packet — so it tolerates anycast's main drawback (route changes mid-connection break stateful sessions). Public DNS resolvers (1.1.1.1, 8.8.8.8, 9.9.9.9) and authoritative DNS providers route every query to the nearest POP, which collapses worldwide DNS latency to single-digit milliseconds. The 13 root server letters (A through M) are themselves anycast across hundreds of physical instances.

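A practical way to see anycast at work is to ask the resolver which physical instance answered. RFC 4892 describes the convention of answering a TXT query for the name id.server in the CHAOS class with an identifier of the responding instance; support is optional, so an empty answer is a valid outcome. The code below is an added example, not code from the original page or from any resolver operator: it builds that query in DNS wire format, parses the reply (checking the transaction id and the QR bit before trusting it), and includes a constructed sample response so the parser can be exercised offline. The instance identifier in the sample is made up.

```python
"""Ask an anycast DNS resolver which instance answered (RFC 4892 id.server).

Added example, not code from the page. The wire-format builder and parser are
hand-written here; the instance identifier in the sample response is constructed.
"""
import secrets
import socket
import struct

QTYPE_TXT = 16
QCLASS_CH = 3


def encode_name(name):
    """Wire-format name: length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, off):
    """Decode a name at offset, following compression pointers; returns (name, next_offset)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end if end is not None else off


def build_id_server_query(txid):
    """12-byte header (RD set, one question) followed by 'id.server. CH TXT'."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name("id.server") + struct.pack("!HH", QTYPE_TXT, QCLASS_CH)


def parse_id_server_response(msg, expected_txid):
    """Return the TXT strings from CH-class TXT answers. A reply whose transaction
    id does not match ours is rejected rather than parsed."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch: reply does not belong to our query")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    if flags & 0x000F != 0:                            # non-zero RCODE, e.g. REFUSED
        return []
    off = 12
    for _ in range(qdcount):                           # skip the echoed question
        _, off = decode_name(msg, off)
        off += 4
    texts = []
    for _ in range(ancount):
        _, off = decode_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == QTYPE_TXT and rclass == QCLASS_CH:
            i = 0
            while i < len(rdata):                      # TXT rdata: one or more <len><chars>
                n = rdata[i]
                texts.append(rdata[i + 1:i + 1 + n].decode("ascii", "replace"))
                i += 1 + n
    return texts


def build_sample_response(txid, instance_id):
    """Constructed reply in the shape a server would send, for offline testing."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name("id.server") + struct.pack("!HH", QTYPE_TXT, QCLASS_CH)
    rdata = bytes([len(instance_id)]) + instance_id.encode("ascii")
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_TXT, QCLASS_CH, 0, len(rdata)) + rdata
    return header + question + answer


def query_instance(resolver_ip, timeout=2.0):
    """Send the query over UDP/53 and return the instance strings (needs network)."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_id_server_query(txid), (resolver_ip, 53))
        data, _ = sock.recvfrom(512)
    return parse_id_server_response(data, txid)


if __name__ == "__main__":
    # Run this from two different networks and the identifiers usually differ:
    # each network's BGP view delivered the same address to a different instance.
    print(query_instance("1.1.1.1"))
```

Offline, the parser can be checked against `build_sample_response`; on a real network, running `query_instance` from two vantage points (or before and after a route change) is the simplest observable evidence that one address is being served from several places.
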
Does anycast work for HTTP and other TCP-based protocols?

It works, but with caveats. The risk is that a BGP route change mid-session silently shifts the destination server, breaking the TCP and TLS state. CDNs that anycast HTTP (most of them) accept this by either keeping POPs stateless via shared origin storage, using session affinity tricks at the load balancer, or terminating the connection on a route change and relying on the client to retry. For long-lived WebSocket-style connections, anycast is rarely used directly — a unicast handoff happens after initial steering.

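The failure mode in that answer, and the difference shared state makes, can be made concrete with a small model. This is an added, deliberately simplified simulation, not code from the page or from any CDN: each POP keeps a connection table the way a kernel would, a client's segments are re-routed to a second POP mid-session, and the model shows the reset the client gets when that POP has no state for the 4-tuple, versus the session continuing when state is shared. POP names and the client address are constructed.

```python
"""Why a BGP route change mid-connection breaks a TCP session on anycast.

Added example; a simplified model, not code from the page. Two of the options
the text lists are modelled: shared session state, and tear-down plus client retry.
"""
from dataclasses import dataclass, field


@dataclass
class Pop:
    name: str
    # Per-POP connection table, as a kernel keeps it: (client_ip, client_port) -> data
    local_table: dict = field(default_factory=dict)


def deliver(pop, conn, segment, shared_table=None):
    """Handle one segment at the POP the network currently routes the client to.
    With per-POP state, a segment for an unknown 4-tuple is answered with RST.
    With a shared table, any POP can continue the session."""
    table = shared_table if shared_table is not None else pop.local_table
    if segment == "SYN":
        table[conn] = ""                      # new connection, state created here
        return f"SYN-ACK@{pop.name}"
    if conn not in table:
        return f"RST@{pop.name}"              # no state for this connection
    table[conn] += segment
    return f"ACK@{pop.name}"


def run_session(shared_state, route_changes_mid_session=True):
    """Simulate a client whose packets are re-routed to a second POP mid-session.
    Returns the sequence of responses the client sees."""
    frankfurt, ashburn = Pop("Frankfurt"), Pop("Ashburn")
    shared = {} if shared_state else None
    conn = ("198.51.100.7", 40001)            # constructed client side of the 4-tuple
    current = frankfurt
    replies = [deliver(current, conn, "SYN", shared),
               deliver(current, conn, "GET /a", shared)]
    if route_changes_mid_session:
        current = ashburn                     # BGP now prefers Ashburn's announcement
    replies.append(deliver(current, conn, "GET /b", shared))
    if replies[-1].startswith("RST"):
        # Tear-down and retry: the client reconnects, now landing on the new POP.
        replies.append(deliver(current, conn, "SYN", shared))
    return replies


if __name__ == "__main__":
    print("stable route:   ", run_session(shared_state=False, route_changes_mid_session=False))
    print("per-POP state:  ", run_session(shared_state=False))
    print("shared state:   ", run_session(shared_state=True))
```

The reset is the part worth internalising: nothing in the network signals the client that its packets changed destination, so the first sign of a route change is a failed request. That is why DNS, with one request per packet, is the natural fit and why HTTP on anycast needs one of the mitigations in the answer above.
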
How is anycast different from a load balancer?

A load balancer takes a single endpoint (one IP, one POP) and distributes traffic across multiple backend servers behind it — the splitting decision happens at the application layer. Anycast distributes a single IP across multiple POPs in different geographies — the splitting decision happens at the network layer via BGP. The two complement each other: large services use anycast to steer users to the nearest POP, then a load balancer at that POP distributes traffic across the backend servers there.

How does anycast help against DDoS attacks?

An anycast network naturally splits attack traffic across every POP that announces the target IP — instead of all the attack volume hitting one datacenter, it gets divided across hundreds. A 2 Tbps attack landing on a 200-POP anycast network averages just 10 Gbps per POP, which is well within most facilities' capacity to absorb. This is why all major DDoS-mitigation providers (Cloudflare, Akamai, Imperva, AWS Shield) build on anycast as their first line of defense.