The DNS of Things

Editor's Notes

• #3: Key Points: IT challenges are growing at exponential rates Most of these challenges are external forces pushing in on IT The challenges are a mix of both apps and infrastructure – mobile apps and BYoD tax both the app and network infrastructure However the solutions are typically siloed, focused on solving very specific issues without addressing the larger problems as a whole These technology shifts, many of which are creating market transitions. Creating a great opportunity for solutions. For example, Users no longer work from the office. Today, they work for anywhere, at any time, one any device, and corporations needs solutions for a mobile work force The rise of the Cloud and Software Define Data Center….means that applications are equally portable and require a new set of solutions to ensure they’re fast, secure and available With such changes, there are new forms or threats…from simple FW solutions, to DDoS (volumetric and application centric), to malware, fraud and much more Lets not forget Software Defined “Everything”, customer want a much more agile infrastructure and orchestration and manageability. At a push of a button they want to orchestrate the whole stack. Clearly, there will be more devices and traffic. Demanding more diameter signaling, security and QoE And last, let not forget the HTTP is the new TCP. HTTP is the web protocol and therefore your network infrastructure needs to be aware of the session flows and messages, which requires intelligence beyond the traditional layer 3 solutions All these solutions are having dramatic implications on applications an the users that access them.
• #4: The Domain Name System (DNS) is arguably the core technology enabling the Internet. DNS translates the names people type into a browser into an IP address so the requested service can be found on the Internet. It is one of the most important components in networking infrastructure that enables people and services to find and access applications. If DNS goes down, most web applications will fail to function properly. Since DNS is a critical component for available applications, answering every query on how to find your favorite web sites, it is critical to have an available, intelligent, secure and scalable DNS infrastructure. The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. A Domain Name Service translates queries for domain names (which are meaningful to humans) into IP addresses for the purpose of locating computer services and devices worldwide. An often-used analogy to explain the Domain Name System is that it serves as the phone book for the Internet by translating human-friendly computer hostnames into IP addresses. For example, the domain name www.example.com translates to the addresses 192.0.43.10 (IPv4) and 2620:0:2d0:200::10 (IPv6).
• #5: *Internet of Things and DNS (Lori Mac Vittie, F5 Networks, 2014) https://devcentral.f5.com/articles/the-internet-of-things-and-dns#.Us9hUJCA1eh **Cisco’s John Chambers interview at CES 2014: http://www.forbes.com/sites/connieguglielmo/2014/01/07/ces-live-cisco-ceo-chambers-to-deliver-keynote/ ***Last 5 years, DNS queries 100% growth (.com/.net) – VeriSign, 2011/12
• #6: http://www.verisigninc.com/assets/infographic-dnib-Q12014.pdf http://www.verisigninc.com/en_US/innovation/dnib/index.xhtml
• #10: Source: “most (76%) mobile users will wait 10 seconds for a page to load on their smartphone..” http://www.bizreport.com/2013/06/study-mobile-users-will-wait.html – SOASTA 2013 Website and Mobile App Report Source: Every 100ms delay costs Amazon 1% in sales. – Greg Lindon, Amazon Source: Last 5 years, DNS queries 91% growth (.com/.net) – VeriSign, The Domain Name Industry Brief 2013 (Q4 2013 and FY 2013 highlights), http://www.verisigninc.com/en_US/innovation/dnib/index.xhtml Source: Active Websites, December 2013 Web Server Survey: http://news.netcraft.com/archives/category/web-server-survey/ - 861 million total sites, 184 million active sites.
• #11: Conventional DNS deployments require several layers of infrastructure and can only handle up to 200,000 DNS queries per second per server. Organizations that need higher DNS performance must add more DNS servers. Often, there is weak DNS DoS/DDoS protection and the protection that is in place, a network firewall, can be a traffic bottleneck itself. In addition, this solution often requires manual intervention for changes and traditional DNS servers are patched frequently, primarily for vulnerabilities. Any errors could have a high impact on site availability. The F5 Intelligent DNS Scale reference architecture is leaner, faster, and more secure on top of offering massive performance. BIG-IP can handle over 10 million query RPS; that’s 123 requests per day from every person on earth. Additionally, it offers unmatched DNS D/DoS protection and since BIG-IP is ICSA firewall certified, organizations can collapse multiple firewall tiers in the DMZ. Less equipment to purchase, manage and support. Plus, BIG-IP offers easy DNS management that integrates with your existing infrastructure. Error checking, auto population of protocols, and importation of zones help eliminate any downtime from DNS errors. The paradigm shift message is about challenging the conventional thinking of placing a DNS in a DMZ sandwiched by firewalls. The F5 DNS solution is ICSA certified and allows you to place it on the outside of your firewall. It performs firewall functionality and can serve authoritatively by zone transferring from your existing DNS server. You can retain the DNS server for management, making it an easy migration (use your existing DNS tools, etc). The customer benefits from an ultra-high performance solution which incorporates a firewall and DNS services. Unlike the conventional model, it does not suffer from firewall bottlenecks. The F5 solution scales, in a single box, to 20M query RPS. This results in much lower OpEx and CapEx while delivering much higher performance and protection.
• #12: BIND is an open-source project maintained by Internet Systems Consortium (ISC). ISC is a non-profit organization with a for-profit consulting arm called DNS-CO, which offers five levels of subscription that range from $10,000 to $100,000 annually. Despite its popularity, BIND requires significant maintenance multiple times a year primarily due to vulnerabilities, patches, and upgrades. It can be downloaded freely, but needs servers (an additional cost, including support contracts) and an operating system. In addition, BIND typically scales to only 50,000 responses per second (RPS), making it vulnerable to both legitimate and malicious DNS surges.
• #13: BIG-IP GTM is a full DNS server and handles requests on behalf of the main DNS server. DNS Express manages authoritative DNS queries by transferring zones to its own RAM. In this architecture, BIG-IP GTM only has to open the DNS query packet as long as the request is for an address that is in the zone that was transferred to DNS Express. DNS Express simplifies a single processing instance of the DNS query to significantly improve the performance of your DNS. With DNS Express, BIG-IP can handle to 10 million query responses per second, over 12X the capacity of what a primary DNS server can handle and about 3X what the competition can offer. The F5 Intelligent DNS Scale reference architecture allows organizations to place BIG-IP in the DMZ. It performs firewall functionality and can serve authoritatively by zone transferring from your existing DNS server. You can retain the DNS server for management, making this an easy migration.
• #14: When a user requests a web page, the requests access local DNS services and these in turn communicate with the main DNS servers. This is not a problem until a hacker floods the server with DNS requests. Instead of purchasing additional DNS servers, put BIG-IP GTM in front of your main DNS server. The F5 Intelligent DNS Scale reference architecture also helps keep your content and applications available by responding to DNS queries from the edge of the network, rather than from deep within your critical infrastructure. When you offload DNS responses to the BIG-IP platform, no request reaches the back end of your network, which greatly increases your ability to scale and respond to DNS surges along with protecting your DNS infrastructure. By increasing the speed, availability, scalability, and security of your DNS infrastructure, the F5 Intelligent DNS Scale reference architecture ensures that your customers—and your employees—can access your critical web, application, and database services whenever they need them. Instead of worrying about DNS outages and purchasing additional DNS infrastructure to combat surges, simply place BIG-IP in front of your primary DNS server. It’s a full DNS server and handles requests on behalf of your main DNS server. The architecture of the F5 Intelligent and Scalable DNS services is optimized by the specifically designed DNS Express query response module. DNS Express manages authoritative DNS queries by transferring zones to its own RAM. In this architecture, F5 DNS Services only has to open the DNS query packet once, as long as the request is for an address that is in the zone that was transferred to DNS Express. DNS Express simplifies a single processing instance of the DNS query to significantly improve the performance of F5 DNS Services. With DNS Express, each individual core of each BIG-IP device can answer approximately 125,000 to 200,000 requests per second, scaling up to 10 million query RPS. This can be over 12X the capacity of what a typical primary DNS server can handle. This gives F5 customers a unique opportunity to scale dramatically to DNS query responses. If you have high volume DNS coming into your data center, it is more advantageous to respond to those queries from the DMZ rather than from deep within the infrastructure, potentially affecting the back end primary DNS servers along with other critical servers. Instead of responding from deep within the infrastructure, respond using BIG-IP from the DMZ so that no request touches the back end which greatly increases the primary server’s ability can scale. Offload DNS to BIG-IP. With these large scale capabilities, even if a site is flooded due to some unexpected event, DNS can respond to all queries, good or bad. This keeps all your critical web, application and database services available. Organizations can secure DNS while achieving high scale. There is less equipment to purchase, manage and support. Plus, BIG-IP offers easy DNS management that integrates with your existing infrastructure. Error checking, auto population of protocols and importation of zones help eliminate any downtime from DNS errors. Organizations can make their applications fast, available and secure but if DNS is not responding, it doesn’t really matter since no one can get to it anyway. F5 DNS Services is leaner, faster, and more secure and offers massive performance over any other DNS solution. DNS is the internet’s phonebook and is essential for every web property on the Internet. It helps people find your web presence. It helps websites deliver the content you want visitors to see. If DNS is slow, then you entire infrastructure is slow and your bounce rate jumps. If your website takes longer than 3 seconds to load, you are losing revenue. If your DNS is attacked, then your web presence is severely limited. If your DNS cannot scale, then you cannot accommodate additional visitors. If your DNS is compromised, then your brand suffers. If DNS doesn’t work, you lose revenue. If you have an antiquated DNS infrastructure, you’re spending too much money and putting the business at risk. If people cannot find you, they will go somewhere else. If your DNS is resilient, people will find you. If people can find you, they will engage. If they engage, your brand gets exposure. If your web properties respond quickly, people are more likely to stay. If people stay, business will grow. The F5 Intelligent DNS Scale reference architecture can help protect your brand and grow your business. Intelligent means that BIG-IP, based on the context of the request (like location or reputation), can determine if the query is valid. Scale means that BIG-IP will be able to handle any surge of DNS queries keeping your applications available for your customers.
• #15: DNS is the internet’s phonebook and essential for every web property on the internet. It helps people find your web presence. It helps websites deliver the content you want visitors to see. If DNS is slow, then you entire infrastructure is slow and your bounce rate jumps. If your website takes longer than 3 seconds to load, you are losing revenue. If your DNS is attacked, then your web presence is severely limited. If your DNS cannot scale, then you cannot accommodate additional visitors. If your DNS is compromised, then your brand suffers. If DNS doesn’t work, you lose revenue. If you have an antiquated DNS infrastructure, you’re spending too much money and putting the business at risk. If people cannot find you, they will go somewhere else. If your DNS is resilient, people will find you. If people can find you, they will engage. If they engage, your brand gets exposure. If your web properties respond quickly, people are more likely to stay. If people stay, business will grow. F5 DNS Services can help protect your brand and grow your business. Intelligent means that BIG-IP, based on the context of the request (like location or reputation), can determine if the query is valid. Scale means that BIG-IP will be able to handle any surge of DNS queries keeping your applications available for your customers.
• #16: • Is DNS management error prone and cumbersome? • Do you follow a multi-step manual failover process? • Are your end users experiencing 404 errors, poor performance, broken sessions, or lost/corrupted data?
• #23: See slide