The problem that SAND addresses is that DNS operators have very few intelligent real-time tools that enable them to monitor their anycast services, for instance during a DDoS attack. The importance of proper and informed management of anycast services has been highlighted by the DDoS events targeting Brian Krebs’s website (Sep. 2016), OVH (Sep. 2016) and Dyn (Oct. 2016), and the Root DNS system (Nov. 2015). These attacks show a trend of extremely powerful DDoS attacks, using IoT-based botnets and that can target not only commercial services, but also critical Internet infrastructures, such as the DNS system. DDoS attacks incur severe financial losses to target services. However, most companies worry much more about the reputation damage of having reachability and availability of their services compromised by a DDoS. With intelligent tools operating in real-time, recovery from an ongoing DDoS attack will be facilitated and accelerated, thus reducing the initial impact of the attack on the reachability and performance of the targeted service.


The goal of SAND is to develop, prototype, and evaluate an intelligent and measurement-based recommendation tool for operators of anycast services that enables them to manage their DNS anycast network in real-time, for instance to optimize performance and handle the initial impact of DDoS attacks until proper traffic filtering is put in place.


  • A comprehensive study of the relationship between Internet routing and anycast services (latency and catchment).
  • A prototype of the SAND anycast recommendation tool, which helps anycast operators to understand and manage the impacts of traffic load and anycast deployment (e.g., anycast instance addition or removal, and routing policies change) modifications to the anycast service operation.
  • Visualization tools (e.g., statistics, graphs) based on the recommendation tool to support the operation and management of anycast deployments.